{"@odata.context":"https://api.msrc.microsoft.com/sug/v2.0/sugodata/v2.0/us-EN/$metadata#vulnerability","@odata.count":19697,"value":[{"id":"00000000-0000-0000-0000-00008c5f1159","releaseDate":"2026-05-18T07:00:00-07:00","cveNumber":"CVE-2026-42822","cveTitle":"Azure Local Disconnected Operations (ALDO) Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-18T07:00:00-07:00","description":"

Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network.

\n","cweList":["CWE-287: Improper Authentication"],"cweDetailsListForSearch":["cwe: CWE-287: Improper Authentication","cweUrl: https://cwe.mitre.org/data/definitions/287.html"],"unformattedDescription":"Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network.","mitreText":"CVE-2026-42822","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42822","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Azure Local Disconnected Operations","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"10.0","temporalScore":"8.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-287: Improper Authentication","https://cwe.mitre.org/data/definitions/287.html"]}],"articles":[{"title":"Azure Local Disconnected Operations Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How do I protect myself from this vulnerability?

\n

For Azure Resource Manager (ARM) customers:

\n

Microsoft has deployed a mitigation for this vulnerability across Microsoft\u2011operated Azure environments. Customers using Azure services hosted by Microsoft are already protected. There is no customer action to take.

\n

For Azure Local Disconnected Operations (ALDO) customers:

\n

To protect against this vulnerability, customers must update their Azure Local Disconnected Operations (ALDO) environment to the latest available release (version 2604 or later). Updates are not available as standalone patches and must be applied as a full system update through the Azure portal. ALDO is a restricted offering, and updates are only available to approved customers via allow-listing.

\n

Customers should follow Microsoft guidance to obtain access and apply the update, using the following documentation:

\n

How to deploy Disconnected Operations for Azure Local

\n

How to update Disconnected Operations for Azure Local

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.

\n","ordinal":10002},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited the vulnerability?

\n

An attacker could gain elevated privileges beyond those normally available to them, allowing actions such as accessing restricted information or performing operations that are typically limited to more highly privileged users or administrators.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

The most realistic exploitation scenario involves a malicious or compromised insider with existing access to the customer\u2019s environment.

\n

An attacker could exploit this vulnerability if they:

\n\n

Because an insider or compromised internal identity already satisfies many of the environmental and authentication requirements, they may bypass several of the barriers that would otherwise make exploitation more difficult.

\n

In external attacker scenarios, exploitation is significantly more constrained. An attacker would first need to:

\n\n

Additionally, Azure Local Disconnected Operations is designed to operate in a disconnected and isolated configuration, limiting direct external exposure and reducing the likelihood of opportunistic remote exploitation.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42822","version":1,"revisionDate":"2026-05-18T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a61e50c8-7e45-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000037033c42","releaseDate":"2026-05-16T01:05:06-07:00","cveNumber":"CVE-2026-42946","cveTitle":"NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-17T14:41:58-07:00","cweList":["CWE-789: Memory Allocation with Excessive Size Value"],"cweDetailsListForSearch":["cwe: CWE-789: Memory Allocation with Excessive Size Value","cweUrl: https://cwe.mitre.org/data/definitions/789.html"],"mitreText":"CVE-2026-42946","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42946","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"f5","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L","vectorStringSource":"f5","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-789: Memory Allocation with Excessive Size Value","https://cwe.mitre.org/data/definitions/789.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-42946","version":1,"revisionDate":"2026-05-16T01:05:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e6e22b42-c350-f111-93fb-000d3afbc7d7"},{"cveNumber":"CVE-2026-42946","version":2,"revisionDate":"2026-05-17T14:41:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7de2118c-fe51-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00000861322a","releaseDate":"2026-05-16T01:05:01-07:00","cveNumber":"CVE-2026-42945","cveTitle":"NGINX ngx_http_rewrite_module vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-17T14:41:45-07:00","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"mitreText":"CVE-2026-42945","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42945","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"f5","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"8.1","temporalScore":"8.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","vectorStringSource":"f5","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-42945","version":1,"revisionDate":"2026-05-16T01:05:01-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c9e22b42-c350-f111-93fb-000d3afbc7d7"},{"cveNumber":"CVE-2026-42945","version":2,"revisionDate":"2026-05-17T14:41:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"feb9ab85-fe51-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000074ec8a87","releaseDate":"2026-05-16T01:04:55-07:00","cveNumber":"CVE-2026-42934","cveTitle":"NGINX ngx_http_charset_module vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-17T14:41:33-07:00","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"mitreText":"CVE-2026-42934","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42934","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"f5","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.8","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L","vectorStringSource":"f5","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-42934","version":1,"revisionDate":"2026-05-16T01:04:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"17cfdf3b-c350-f111-93fb-000d3afbc7d7"},{"cveNumber":"CVE-2026-42934","version":2,"revisionDate":"2026-05-17T14:41:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"17a31c7f-fe51-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000005f10d2","releaseDate":"2026-05-16T01:04:50-07:00","cveNumber":"CVE-2026-40701","cveTitle":"NGINX ngx_http_ssl_module vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-17T14:41:19-07:00","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"mitreText":"CVE-2026-40701","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40701","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"f5","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.8","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L","vectorStringSource":"f5","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-40701","version":1,"revisionDate":"2026-05-16T01:04:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"00cfdf3b-c350-f111-93fb-000d3afbc7d7"},{"cveNumber":"CVE-2026-40701","version":2,"revisionDate":"2026-05-17T14:41:19-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"750b7f78-fe51-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000102908c0","releaseDate":"2026-05-16T01:04:45-07:00","cveNumber":"CVE-2026-40460","cveTitle":"NGINX ngx_quic_module vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-17T14:41:07-07:00","cweList":["CWE-290: Authentication Bypass by Spoofing"],"cweDetailsListForSearch":["cwe: CWE-290: Authentication Bypass by Spoofing","cweUrl: https://cwe.mitre.org/data/definitions/290.html"],"mitreText":"CVE-2026-40460","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40460","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"f5","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L","vectorStringSource":"f5","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-290: Authentication Bypass by Spoofing","https://cwe.mitre.org/data/definitions/290.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-40460","version":1,"revisionDate":"2026-05-16T01:04:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b30edf35-c350-f111-93fb-000d3afbc7d7"},{"cveNumber":"CVE-2026-40460","version":2,"revisionDate":"2026-05-17T14:41:07-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6e5f456c-fe51-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000200500ac","releaseDate":"2026-05-16T01:04:39-07:00","cveNumber":"CVE-2026-6479","cveTitle":"PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-17T14:40:54-07:00","cweList":["CWE-674: Uncontrolled Recursion"],"cweDetailsListForSearch":["cwe: CWE-674: Uncontrolled Recursion","cweUrl: https://cwe.mitre.org/data/definitions/674.html"],"mitreText":"CVE-2026-6479","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6479","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"PostgreSQL","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.5","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"PostgreSQL","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-674: Uncontrolled Recursion","https://cwe.mitre.org/data/definitions/674.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-6479","version":1,"revisionDate":"2026-05-16T01:04:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a20edf35-c350-f111-93fb-000d3afbc7d7"},{"cveNumber":"CVE-2026-6479","version":2,"revisionDate":"2026-05-17T14:40:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6e234e66-fe51-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00002a0500ac","releaseDate":"2026-05-16T01:04:33-07:00","cveNumber":"CVE-2026-6477","cveTitle":"PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-19T01:02:03-07:00","cweList":["CWE-242: Use of Inherently Dangerous Function"],"cweDetailsListForSearch":["cwe: CWE-242: Use of Inherently Dangerous Function","cweUrl: https://cwe.mitre.org/data/definitions/242.html"],"mitreText":"CVE-2026-6477","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6477","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"PostgreSQL","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"8.8","temporalScore":"8.8","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","vectorStringSource":"PostgreSQL","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-242: Use of Inherently Dangerous Function","https://cwe.mitre.org/data/definitions/242.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-6477","version":3,"revisionDate":"2026-05-19T01:02:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2f7b1c55-1e53-f111-939d-000d3ac5fb71"},{"cveNumber":"CVE-2026-6477","version":1,"revisionDate":"2026-05-16T01:04:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6ed7e52f-c350-f111-93fb-000d3afbc7d7"},{"cveNumber":"CVE-2026-6477","version":2,"revisionDate":"2026-05-17T14:40:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8d713960-fe51-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000080326221","releaseDate":"2026-05-16T01:04:28-07:00","cveNumber":"CVE-2026-6637","cveTitle":"PostgreSQL refint allows stack buffer overflow and SQL injection","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-17T14:40:29-07:00","cweList":["CWE-121: Stack-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-121: Stack-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/121.html"],"mitreText":"CVE-2026-6637","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6637","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"PostgreSQL","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"8.8","temporalScore":"8.8","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","vectorStringSource":"PostgreSQL","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-121: Stack-based Buffer Overflow","https://cwe.mitre.org/data/definitions/121.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-6637","version":1,"revisionDate":"2026-05-16T01:04:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5ed7e52f-c350-f111-93fb-000d3afbc7d7"},{"cveNumber":"CVE-2026-6637","version":2,"revisionDate":"2026-05-17T14:40:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0db9fa59-fe51-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000250500ac","releaseDate":"2026-05-16T01:04:23-07:00","cveNumber":"CVE-2026-6472","cveTitle":"PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-17T14:40:16-07:00","cweList":["CWE-862: Missing Authorization"],"cweDetailsListForSearch":["cwe: CWE-862: Missing Authorization","cweUrl: https://cwe.mitre.org/data/definitions/862.html"],"mitreText":"CVE-2026-6472","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6472","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"PostgreSQL","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"5.4","temporalScore":"5.4","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","vectorStringSource":"PostgreSQL","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-862: Missing Authorization","https://cwe.mitre.org/data/definitions/862.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-6472","version":1,"revisionDate":"2026-05-16T01:04:23-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ac70ee29-c350-f111-93fb-000d3afbc7d7"},{"cveNumber":"CVE-2026-6472","version":2,"revisionDate":"2026-05-17T14:40:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"47406353-fe51-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00002b0500ac","releaseDate":"2026-05-16T01:04:17-07:00","cveNumber":"CVE-2026-6474","cveTitle":"PostgreSQL timeofday() can disclose portions of server memory","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-17T14:39:58-07:00","cweList":["CWE-134: Use of Externally-Controlled Format String"],"cweDetailsListForSearch":["cwe: CWE-134: Use of Externally-Controlled Format String","cweUrl: https://cwe.mitre.org/data/definitions/134.html"],"mitreText":"CVE-2026-6474","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6474","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"PostgreSQL","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.3","temporalScore":"4.3","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","vectorStringSource":"PostgreSQL","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-134: Use of Externally-Controlled Format String","https://cwe.mitre.org/data/definitions/134.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-6474","version":1,"revisionDate":"2026-05-16T01:04:17-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9f70ee29-c350-f111-93fb-000d3afbc7d7"},{"cveNumber":"CVE-2026-6474","version":2,"revisionDate":"2026-05-17T14:39:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"46be0547-fe51-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00002c0500ac","releaseDate":"2026-05-16T01:04:11-07:00","cveNumber":"CVE-2026-6475","cveTitle":"PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-17T14:39:45-07:00","cweList":["CWE-61: UNIX Symbolic Link (Symlink) Following"],"cweDetailsListForSearch":["cwe: CWE-61: UNIX Symbolic Link (Symlink) Following","cweUrl: https://cwe.mitre.org/data/definitions/61.html"],"mitreText":"CVE-2026-6475","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6475","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"PostgreSQL","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"8.8","temporalScore":"8.8","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","vectorStringSource":"PostgreSQL","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-61: UNIX Symbolic Link (Symlink) Following","https://cwe.mitre.org/data/definitions/61.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-6475","version":1,"revisionDate":"2026-05-16T01:04:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f55eef23-c350-f111-93fb-000d3afbc7d7"},{"cveNumber":"CVE-2026-6475","version":2,"revisionDate":"2026-05-17T14:39:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5c88ed40-fe51-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000071326221","releaseDate":"2026-05-16T01:04:06-07:00","cveNumber":"CVE-2026-6638","cveTitle":"PostgreSQL REFRESH PUBLICATION allows SQL injection via table name","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-17T14:39:32-07:00","cweList":["CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"cweDetailsListForSearch":["cwe: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","cweUrl: https://cwe.mitre.org/data/definitions/89.html"],"mitreText":"CVE-2026-6638","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6638","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"PostgreSQL","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"3.7","temporalScore":"3.7","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N","vectorStringSource":"PostgreSQL","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","https://cwe.mitre.org/data/definitions/89.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-6638","version":1,"revisionDate":"2026-05-16T01:04:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d766751d-c350-f111-93fb-000d3afbc7d7"},{"cveNumber":"CVE-2026-6638","version":2,"revisionDate":"2026-05-17T14:39:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"05ee7834-fe51-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000260500ac","releaseDate":"2026-05-16T01:04:00-07:00","cveNumber":"CVE-2026-6473","cveTitle":"PostgreSQL server undersizes allocations, via integer wraparound","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-19T01:02:09-07:00","cweList":["CWE-190: Integer Overflow or Wraparound"],"cweDetailsListForSearch":["cwe: CWE-190: Integer Overflow or Wraparound","cweUrl: https://cwe.mitre.org/data/definitions/190.html"],"mitreText":"CVE-2026-6473","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6473","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"PostgreSQL","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"8.8","temporalScore":"8.8","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","vectorStringSource":"PostgreSQL","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-190: Integer Overflow or Wraparound","https://cwe.mitre.org/data/definitions/190.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-6473","version":3,"revisionDate":"2026-05-19T01:02:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bc6aa45b-1e53-f111-939d-000d3ac5fb71"},{"cveNumber":"CVE-2026-6473","version":1,"revisionDate":"2026-05-16T01:04:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c266751d-c350-f111-93fb-000d3afbc7d7"},{"cveNumber":"CVE-2026-6473","version":2,"revisionDate":"2026-05-17T14:39:18-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8f04512d-fe51-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00001f0500ac","releaseDate":"2026-05-16T01:03:55-07:00","cveNumber":"CVE-2026-6478","cveTitle":"PostgreSQL discloses MD5-hashed passwords via covert timing channel","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-17T14:39:05-07:00","cweList":["CWE-385: Covert Timing Channel"],"cweDetailsListForSearch":["cwe: CWE-385: Covert Timing Channel","cweUrl: https://cwe.mitre.org/data/definitions/385.html"],"mitreText":"CVE-2026-6478","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6478","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"PostgreSQL","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","vectorStringSource":"PostgreSQL","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-385: Covert Timing Channel","https://cwe.mitre.org/data/definitions/385.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-6478","version":1,"revisionDate":"2026-05-16T01:03:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e3d6c116-c350-f111-93fb-000d3afbc7d7"},{"cveNumber":"CVE-2026-6478","version":2,"revisionDate":"2026-05-17T14:39:05-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"822c1d27-fe51-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000e488b3f3","releaseDate":"2026-05-15T17:21:35-07:00","cveNumber":"CVE-2026-8587","cveTitle":"Chromium: CVE-2026-8587 Use after free in Extensions","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:35-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8587","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8587","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8587","version":1,"revisionDate":"2026-05-15T17:21:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"f9f24184-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000e588b3f3","releaseDate":"2026-05-15T17:21:34-07:00","cveNumber":"CVE-2026-8586","cveTitle":"Chromium: CVE-2026-8586 Inappropriate implementation in Chromoting","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:34-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8586","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8586","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8586","version":1,"revisionDate":"2026-05-15T17:21:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"e6f24184-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000e688b3f3","releaseDate":"2026-05-15T17:21:33-07:00","cveNumber":"CVE-2026-8585","cveTitle":"Chromium: CVE-2026-8585 Inappropriate implementation in Media","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:33-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8585","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8585","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8585","version":1,"revisionDate":"2026-05-15T17:21:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"d4f24184-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000e788b3f3","releaseDate":"2026-05-15T17:21:32-07:00","cveNumber":"CVE-2026-8584","cveTitle":"Chromium: CVE-2026-8584 Inappropriate implementation in Views","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:32-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8584","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8584","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8584","version":1,"revisionDate":"2026-05-15T17:21:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"1b3d487e-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000e188b3f3","releaseDate":"2026-05-15T17:21:30-07:00","cveNumber":"CVE-2026-8582","cveTitle":"Chromium: CVE-2026-8582 Object lifecycle issue in Dawn","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:30-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8582","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8582","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8582","version":1,"revisionDate":"2026-05-15T17:21:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"f53c487e-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000e288b3f3","releaseDate":"2026-05-15T17:21:29-07:00","cveNumber":"CVE-2026-8581","cveTitle":"Chromium: CVE-2026-8581 Use after free in GPU","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:29-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8581","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8581","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8581","version":1,"revisionDate":"2026-05-15T17:21:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"e23c487e-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000e388b3f3","releaseDate":"2026-05-15T17:21:28-07:00","cveNumber":"CVE-2026-8580","cveTitle":"Chromium: CVE-2026-8580 Use after free in Mojo","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:28-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8580","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8580","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8580","version":1,"revisionDate":"2026-05-15T17:21:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"d03c487e-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000075fd5a96","releaseDate":"2026-05-15T17:21:27-07:00","cveNumber":"CVE-2026-8579","cveTitle":"Chromium: CVE-2026-8579 Insufficient validation of untrusted input in Skia","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:27-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8579","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8579","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8579","version":1,"revisionDate":"2026-05-15T17:21:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"be3c487e-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000076fd5a96","releaseDate":"2026-05-15T17:21:26-07:00","cveNumber":"CVE-2026-8578","cveTitle":"Chromium: CVE-2026-8578 Out of bounds read in GPU","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:26-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8578","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8578","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8578","version":1,"revisionDate":"2026-05-15T17:21:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"ac3c487e-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00007ffd5a96","releaseDate":"2026-05-15T17:21:25-07:00","cveNumber":"CVE-2026-8577","cveTitle":"Chromium: CVE-2026-8577 Integer overflow in Fonts","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:25-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8577","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8577","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8577","version":1,"revisionDate":"2026-05-15T17:21:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"993c487e-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000080fd5a96","releaseDate":"2026-05-15T17:21:24-07:00","cveNumber":"CVE-2026-8576","cveTitle":"Chromium: CVE-2026-8576 Inappropriate implementation in CORS","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:24-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8576","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8576","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8576","version":1,"revisionDate":"2026-05-15T17:21:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"863c487e-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000081fd5a96","releaseDate":"2026-05-15T17:21:23-07:00","cveNumber":"CVE-2026-8575","cveTitle":"Chromium: CVE-2026-8575 Use after free in UI","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:23-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8575","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8575","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8575","version":1,"revisionDate":"2026-05-15T17:21:23-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"743c487e-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00007bfd5a96","releaseDate":"2026-05-15T17:21:22-07:00","cveNumber":"CVE-2026-8573","cveTitle":"Chromium: CVE-2026-8573 Integer overflow in Codecs","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:22-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8573","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8573","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8573","version":1,"revisionDate":"2026-05-15T17:21:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"02d45078-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00007cfd5a96","releaseDate":"2026-05-15T17:21:21-07:00","cveNumber":"CVE-2026-8572","cveTitle":"Chromium: CVE-2026-8572 Insufficient policy enforcement in Network","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:21-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8572","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8572","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8572","version":1,"revisionDate":"2026-05-15T17:21:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"eed35078-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00007dfd5a96","releaseDate":"2026-05-15T17:21:20-07:00","cveNumber":"CVE-2026-8571","cveTitle":"Chromium: CVE-2026-8571 Insufficient policy enforcement in GPU","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:20-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8571","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8571","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8571","version":1,"revisionDate":"2026-05-15T17:21:20-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"dad35078-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00007efd5a96","releaseDate":"2026-05-15T17:21:19-07:00","cveNumber":"CVE-2026-8570","cveTitle":"Chromium: CVE-2026-8570 Type Confusion in V8","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:19-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8570","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8570","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8570","version":1,"revisionDate":"2026-05-15T17:21:19-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"c6d35078-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000010720239","releaseDate":"2026-05-15T17:21:18-07:00","cveNumber":"CVE-2026-8569","cveTitle":"Chromium: CVE-2026-8569 Out of bounds write in Codecs","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:18-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8569","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8569","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8569","version":1,"revisionDate":"2026-05-15T17:21:18-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"b3d35078-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000011720239","releaseDate":"2026-05-15T17:21:16-07:00","cveNumber":"CVE-2026-8568","cveTitle":"Chromium: CVE-2026-8568 Insufficient policy enforcement in AI","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:16-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8568","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8568","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8568","version":1,"revisionDate":"2026-05-15T17:21:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"9ed35078-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00001b720239","releaseDate":"2026-05-15T17:21:15-07:00","cveNumber":"CVE-2026-8566","cveTitle":"Chromium: CVE-2026-8566 Insufficient policy enforcement in Payments","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:15-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8566","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8566","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8566","version":1,"revisionDate":"2026-05-15T17:21:15-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"73d35078-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00001a720239","releaseDate":"2026-05-15T17:21:15-07:00","cveNumber":"CVE-2026-8567","cveTitle":"Chromium: CVE-2026-8567 Integer overflow in ANGLE","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:15-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8567","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8567","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8567","version":1,"revisionDate":"2026-05-15T17:21:15-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"88d35078-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00001c720239","releaseDate":"2026-05-15T17:21:14-07:00","cveNumber":"CVE-2026-8565","cveTitle":"Chromium: CVE-2026-8565 Inappropriate implementation in Downloads","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:14-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8565","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8565","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8565","version":1,"revisionDate":"2026-05-15T17:21:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"5ed35078-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000016720239","releaseDate":"2026-05-15T17:21:11-07:00","cveNumber":"CVE-2026-8563","cveTitle":"Chromium: CVE-2026-8563 Insufficient policy enforcement in IFrame Sandbox","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:11-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8563","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8563","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8563","version":1,"revisionDate":"2026-05-15T17:21:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"85d15472-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000017720239","releaseDate":"2026-05-15T17:21:10-07:00","cveNumber":"CVE-2026-8562","cveTitle":"Chromium: CVE-2026-8562 Side-channel information leakage in Navigation","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:10-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8562","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8562","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8562","version":1,"revisionDate":"2026-05-15T17:21:10-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"6bd15472-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000018720239","releaseDate":"2026-05-15T17:21:09-07:00","cveNumber":"CVE-2026-8561","cveTitle":"Chromium: CVE-2026-8561 Incorrect security UI in Fullscreen","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:09-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8561","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8561","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8561","version":1,"revisionDate":"2026-05-15T17:21:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"54d15472-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000019720239","releaseDate":"2026-05-15T17:21:08-07:00","cveNumber":"CVE-2026-8560","cveTitle":"Chromium: CVE-2026-8560 Heap buffer overflow in SwiftShader","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:08-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8560","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8560","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8560","version":1,"revisionDate":"2026-05-15T17:21:08-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"3dd15472-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000abe6a9db","releaseDate":"2026-05-15T17:21:07-07:00","cveNumber":"CVE-2026-8559","cveTitle":"Chromium: CVE-2026-8559 Integer overflow in Internationalization","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:07-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8559","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8559","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8559","version":1,"revisionDate":"2026-05-15T17:21:07-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"27d15472-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000ace6a9db","releaseDate":"2026-05-15T17:21:06-07:00","cveNumber":"CVE-2026-8558","cveTitle":"Chromium: CVE-2026-8558 Out of bounds write in Fonts","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:06-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8558","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8558","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8558","version":1,"revisionDate":"2026-05-15T17:21:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"10d15472-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000b5e6a9db","releaseDate":"2026-05-15T17:21:05-07:00","cveNumber":"CVE-2026-8557","cveTitle":"Chromium: CVE-2026-8557 Use after free in Accessibility","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:05-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8557","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8557","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8557","version":1,"revisionDate":"2026-05-15T17:21:05-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"f7d05472-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000b7e6a9db","releaseDate":"2026-05-15T17:21:04-07:00","cveNumber":"CVE-2026-8555","cveTitle":"Chromium: CVE-2026-8555 Use after free in GTK","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:04-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8555","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8555","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8555","version":1,"revisionDate":"2026-05-15T17:21:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"c9d05472-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000b6e6a9db","releaseDate":"2026-05-15T17:21:04-07:00","cveNumber":"CVE-2026-8556","cveTitle":"Chromium: CVE-2026-8556 Inappropriate implementation in ANGLE","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:04-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8556","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8556","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8556","version":1,"revisionDate":"2026-05-15T17:21:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"e0d05472-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000b8e6a9db","releaseDate":"2026-05-15T17:21:03-07:00","cveNumber":"CVE-2026-8554","cveTitle":"Chromium: CVE-2026-8554 Type Confusion in ANGLE","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:03-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8554","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8554","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8554","version":1,"revisionDate":"2026-05-15T17:21:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"b3d05472-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000b1e6a9db","releaseDate":"2026-05-15T17:21:02-07:00","cveNumber":"CVE-2026-8553","cveTitle":"Chromium: CVE-2026-8553 Use after free in GPU","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:02-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8553","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8553","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8553","version":1,"revisionDate":"2026-05-15T17:21:02-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"4a26566c-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000b2e6a9db","releaseDate":"2026-05-15T17:21:01-07:00","cveNumber":"CVE-2026-8552","cveTitle":"Chromium: CVE-2026-8552 Heap buffer overflow in GPU","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:01-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8552","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8552","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8552","version":1,"revisionDate":"2026-05-15T17:21:01-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"3126566c-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000b3e6a9db","releaseDate":"2026-05-15T17:21:00-07:00","cveNumber":"CVE-2026-8551","cveTitle":"Chromium: CVE-2026-8551 Use after free in Downloads","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:21:00-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8551","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8551","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8551","version":1,"revisionDate":"2026-05-15T17:21:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"1b26566c-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000b4e6a9db","releaseDate":"2026-05-15T17:20:59-07:00","cveNumber":"CVE-2026-8550","cveTitle":"Chromium: CVE-2026-8550 Use after free in Google Lens","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:59-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8550","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8550","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8550","version":1,"revisionDate":"2026-05-15T17:20:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"0426566c-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000465b517e","releaseDate":"2026-05-15T17:20:58-07:00","cveNumber":"CVE-2026-8549","cveTitle":"Chromium: CVE-2026-8549 Use after free in Media","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:58-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8549","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8549","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8549","version":1,"revisionDate":"2026-05-15T17:20:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"ed25566c-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000475b517e","releaseDate":"2026-05-15T17:20:56-07:00","cveNumber":"CVE-2026-8548","cveTitle":"Chromium: CVE-2026-8548 Out of bounds write in Media","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:56-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8548","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8548","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8548","version":1,"revisionDate":"2026-05-15T17:20:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"d425566c-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000505b517e","releaseDate":"2026-05-15T17:20:55-07:00","cveNumber":"CVE-2026-8547","cveTitle":"Chromium: CVE-2026-8547 Insufficient policy enforcement in Passwords","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:55-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8547","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8547","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8547","version":1,"revisionDate":"2026-05-15T17:20:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"bc25566c-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000515b517e","releaseDate":"2026-05-15T17:20:54-07:00","cveNumber":"CVE-2026-8546","cveTitle":"Chromium: CVE-2026-8546 Out of bounds read in GPU","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:54-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8546","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8546","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8546","version":1,"revisionDate":"2026-05-15T17:20:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"a425566c-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000525b517e","releaseDate":"2026-05-15T17:20:53-07:00","cveNumber":"CVE-2026-8545","cveTitle":"Chromium: CVE-2026-8545 Object corruption in Compositing","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:53-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8545","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8545","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8545","version":1,"revisionDate":"2026-05-15T17:20:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"8e25566c-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000535b517e","releaseDate":"2026-05-15T17:20:52-07:00","cveNumber":"CVE-2026-8544","cveTitle":"Chromium: CVE-2026-8544 Use after free in Media","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:52-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8544","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8544","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8544","version":1,"revisionDate":"2026-05-15T17:20:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"918f5666-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00004c5b517e","releaseDate":"2026-05-15T17:20:51-07:00","cveNumber":"CVE-2026-8543","cveTitle":"Chromium: CVE-2026-8543 Out of bounds read in FileSystem","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:51-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8543","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8543","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8543","version":1,"revisionDate":"2026-05-15T17:20:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"7a8f5666-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00004d5b517e","releaseDate":"2026-05-15T17:20:50-07:00","cveNumber":"CVE-2026-8542","cveTitle":"Chromium: CVE-2026-8542 Use after free in Core","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:50-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8542","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8542","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8542","version":1,"revisionDate":"2026-05-15T17:20:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"638f5666-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00004e5b517e","releaseDate":"2026-05-15T17:20:49-07:00","cveNumber":"CVE-2026-8541","cveTitle":"Chromium: CVE-2026-8541 Out of bounds read in UI","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:49-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8541","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8541","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8541","version":1,"revisionDate":"2026-05-15T17:20:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"4c8f5666-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00004f5b517e","releaseDate":"2026-05-15T17:20:48-07:00","cveNumber":"CVE-2026-8540","cveTitle":"Chromium: CVE-2026-8540 Type Confusion in V8","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:48-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8540","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8540","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8540","version":1,"revisionDate":"2026-05-15T17:20:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"368f5666-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000e1cff820","releaseDate":"2026-05-15T17:20:47-07:00","cveNumber":"CVE-2026-8539","cveTitle":"Chromium: CVE-2026-8539 Script injection in SanitizerAPI","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:47-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8539","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8539","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8539","version":1,"revisionDate":"2026-05-15T17:20:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"1f8f5666-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000e2cff820","releaseDate":"2026-05-15T17:20:46-07:00","cveNumber":"CVE-2026-8538","cveTitle":"Chromium: CVE-2026-8538 Insufficient validation of untrusted input in GPU","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:46-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8538","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8538","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8538","version":1,"revisionDate":"2026-05-15T17:20:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"068f5666-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000ebcff820","releaseDate":"2026-05-15T17:20:45-07:00","cveNumber":"CVE-2026-8537","cveTitle":"Chromium: CVE-2026-8537 Insufficient policy enforcement in ViewTransitions","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:45-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8537","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8537","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8537","version":1,"revisionDate":"2026-05-15T17:20:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"ef8e5666-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000eccff820","releaseDate":"2026-05-15T17:20:44-07:00","cveNumber":"CVE-2026-8536","cveTitle":"Chromium: CVE-2026-8536 Insufficient validation of untrusted input in ReadingMode","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:44-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8536","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8536","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8536","version":1,"revisionDate":"2026-05-15T17:20:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"d88e5666-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000edcff820","releaseDate":"2026-05-15T17:20:43-07:00","cveNumber":"CVE-2026-8535","cveTitle":"Chromium: CVE-2026-8535 Out of bounds read in Media","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:43-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8535","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8535","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8535","version":1,"revisionDate":"2026-05-15T17:20:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"c18e5666-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000eecff820","releaseDate":"2026-05-15T17:20:42-07:00","cveNumber":"CVE-2026-8534","cveTitle":"Chromium: CVE-2026-8534 Integer overflow in GPU","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:42-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8534","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8534","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8534","version":1,"revisionDate":"2026-05-15T17:20:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"555f5e60-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000e7cff820","releaseDate":"2026-05-15T17:20:41-07:00","cveNumber":"CVE-2026-8533","cveTitle":"Chromium: CVE-2026-8533 Use after free in Accessibility","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:41-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8533","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8533","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8533","version":1,"revisionDate":"2026-05-15T17:20:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"3f5f5e60-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000e8cff820","releaseDate":"2026-05-15T17:20:40-07:00","cveNumber":"CVE-2026-8532","cveTitle":"Chromium: CVE-2026-8532 Integer overflow in XML","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:40-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8532","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8532","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8532","version":1,"revisionDate":"2026-05-15T17:20:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"295f5e60-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000e9cff820","releaseDate":"2026-05-15T17:20:39-07:00","cveNumber":"CVE-2026-8531","cveTitle":"Chromium: CVE-2026-8531 Heap buffer overflow in WebML","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:39-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8531","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8531","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8531","version":1,"revisionDate":"2026-05-15T17:20:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"125f5e60-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000eacff820","releaseDate":"2026-05-15T17:20:38-07:00","cveNumber":"CVE-2026-8530","cveTitle":"Chromium: CVE-2026-8530 Use after free in Network","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:38-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8530","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8530","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8530","version":1,"revisionDate":"2026-05-15T17:20:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"fc5e5e60-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00007c44a0c3","releaseDate":"2026-05-15T17:20:37-07:00","cveNumber":"CVE-2026-8529","cveTitle":"Chromium: CVE-2026-8529 Heap buffer overflow in Codecs","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:37-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8529","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8529","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8529","version":1,"revisionDate":"2026-05-15T17:20:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"e65e5e60-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00007d44a0c3","releaseDate":"2026-05-15T17:20:36-07:00","cveNumber":"CVE-2026-8528","cveTitle":"Chromium: CVE-2026-8528 Insufficient validation of untrusted input in SiteIsolation","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:36-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8528","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8528","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8528","version":1,"revisionDate":"2026-05-15T17:20:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"cd5e5e60-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00008644a0c3","releaseDate":"2026-05-15T17:20:35-07:00","cveNumber":"CVE-2026-8527","cveTitle":"Chromium: CVE-2026-8527 Insufficient validation of untrusted input in Downloads","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:35-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8527","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8527","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8527","version":1,"revisionDate":"2026-05-15T17:20:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"b75e5e60-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00008744a0c3","releaseDate":"2026-05-15T17:20:34-07:00","cveNumber":"CVE-2026-8526","cveTitle":"Chromium: CVE-2026-8526 Out of bounds write in WebRTC","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:34-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8526","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8526","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8526","version":1,"revisionDate":"2026-05-15T17:20:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"9f5e5e60-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00008844a0c3","releaseDate":"2026-05-15T17:20:33-07:00","cveNumber":"CVE-2026-8525","cveTitle":"Chromium: CVE-2026-8525 Heap buffer overflow in ANGLE","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:33-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8525","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8525","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8525","version":1,"revisionDate":"2026-05-15T17:20:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"895e5e60-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00008944a0c3","releaseDate":"2026-05-15T17:20:32-07:00","cveNumber":"CVE-2026-8524","cveTitle":"Chromium: CVE-2026-8524 Out of bounds write in WebAudio","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:32-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8524","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8524","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8524","version":1,"revisionDate":"2026-05-15T17:20:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"46f9595a-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00008244a0c3","releaseDate":"2026-05-15T17:20:31-07:00","cveNumber":"CVE-2026-8523","cveTitle":"Chromium: CVE-2026-8523 Use after free in Mojo","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:31-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8523","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8523","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8523","version":1,"revisionDate":"2026-05-15T17:20:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"33f9595a-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000017b94766","releaseDate":"2026-05-15T17:20:27-07:00","cveNumber":"CVE-2026-8519","cveTitle":"Chromium: CVE-2026-8519 Integer overflow in ANGLE","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:27-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8519","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8519","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8519","version":1,"revisionDate":"2026-05-15T17:20:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"e2f8595a-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000018b94766","releaseDate":"2026-05-15T17:20:26-07:00","cveNumber":"CVE-2026-8518","cveTitle":"Chromium: CVE-2026-8518 Use after free in Blink","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:26-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8518","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8518","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8518","version":1,"revisionDate":"2026-05-15T17:20:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"cef8595a-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000021b94766","releaseDate":"2026-05-15T17:20:25-07:00","cveNumber":"CVE-2026-8517","cveTitle":"Chromium: CVE-2026-8517 Object lifecycle issue in WebShare","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:25-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8517","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8517","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8517","version":1,"revisionDate":"2026-05-15T17:20:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"b9f8595a-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000022b94766","releaseDate":"2026-05-15T17:20:24-07:00","cveNumber":"CVE-2026-8516","cveTitle":"Chromium: CVE-2026-8516 Insufficient validation of untrusted input in DataTransfer","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:24-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8516","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8516","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8516","version":1,"revisionDate":"2026-05-15T17:20:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"a4f8595a-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000024b94766","releaseDate":"2026-05-15T17:20:23-07:00","cveNumber":"CVE-2026-8514","cveTitle":"Chromium: CVE-2026-8514 Use after free in Aura","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:23-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8514","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8514","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8514","version":1,"revisionDate":"2026-05-15T17:20:23-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"78f8595a-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000023b94766","releaseDate":"2026-05-15T17:20:23-07:00","cveNumber":"CVE-2026-8515","cveTitle":"Chromium: CVE-2026-8515 Use after free in HID","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:23-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8515","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8515","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8515","version":1,"revisionDate":"2026-05-15T17:20:23-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"92f8595a-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00001db94766","releaseDate":"2026-05-15T17:20:22-07:00","cveNumber":"CVE-2026-8513","cveTitle":"Chromium: CVE-2026-8513 Use after free in Input","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:22-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8513","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8513","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8513","version":1,"revisionDate":"2026-05-15T17:20:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"512f6054-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00001eb94766","releaseDate":"2026-05-15T17:20:21-07:00","cveNumber":"CVE-2026-8512","cveTitle":"Chromium: CVE-2026-8512 Use after free in FileSystem","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:21-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8512","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8512","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8512","version":1,"revisionDate":"2026-05-15T17:20:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"302f6054-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00001fb94766","releaseDate":"2026-05-15T17:20:20-07:00","cveNumber":"CVE-2026-8511","cveTitle":"Chromium: CVE-2026-8511 Use after free in UI","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:20-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8511","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8511","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8511","version":1,"revisionDate":"2026-05-15T17:20:20-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"1a2f6054-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000020b94766","releaseDate":"2026-05-15T17:20:18-07:00","cveNumber":"CVE-2026-8510","cveTitle":"Chromium: CVE-2026-8510 Integer overflow in Skia","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:18-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8510","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8510","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8510","version":1,"revisionDate":"2026-05-15T17:20:18-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"072f6054-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000b22def08","releaseDate":"2026-05-15T17:20:15-07:00","cveNumber":"CVE-2026-8509","cveTitle":"Chromium: CVE-2026-8509 Heap buffer overflow in WebML","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T17:20:15-07:00","description":"

This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome\u00a0Releases for more information

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.\u00a0\u00a0Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome\u00a0Releases](https://chromereleases.googleblog.com/2025) for more information","mitreText":"CVE-2026-8509","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8509","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8509","version":1,"revisionDate":"2026-05-15T17:20:15-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"e72e6054-8250-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000063e1c292","releaseDate":"2026-05-15T07:00:00-07:00","cveNumber":"CVE-2026-45495","cveTitle":"Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T07:00:00-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-45495","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45495","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is network (AV:N) and the attack complexity is low (AC:L). What does that mean for this vulnerability?

\n

The attack vector is Network (AV:N) because this vulnerability is remotely exploitable and can be exploited from the internet. The attack complexity is Low (AC:L) because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45495","version":1,"revisionDate":"2026-05-15T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8f9cc815-8850-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000fe556a35","releaseDate":"2026-05-15T07:00:00-07:00","cveNumber":"CVE-2026-45494","cveTitle":"Microsoft Edge (Chromium-based) Spoofing Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T07:00:00-07:00","cweList":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"cweDetailsListForSearch":["cwe: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweUrl: https://cwe.mitre.org/data/definitions/79.html"],"mitreText":"CVE-2026-45494","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45494","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000002,"severity":"Moderate","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"5.4","temporalScore":"4.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","https://cwe.mitre.org/data/definitions/79.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?

\n

The Edge browser's tab-splitting feature, which allows users to browse two tabs simultaneously, only displays the domain prefix in the address bars instead of the full URL. This behavior can lead to phishing vulnerabilities, as attackers could exploit it to make malicious websites appear legitimate by mimicking trusted domain names.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

The user would have to open a web page that contained a malicious iframe.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45494","version":1,"revisionDate":"2026-05-15T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"c797e0cf-7e50-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000343fb97a","releaseDate":"2026-05-15T07:00:00-07:00","cveNumber":"CVE-2026-45492","cveTitle":"Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T07:00:00-07:00","description":"

Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

\n","cweList":["CWE-20: Improper Input Validation"],"cweDetailsListForSearch":["cwe: CWE-20: Improper Input Validation","cweUrl: https://cwe.mitre.org/data/definitions/20.html"],"unformattedDescription":"Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.","mitreText":"CVE-2026-45492","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45492","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000002,"severity":"Moderate","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"5.4","temporalScore":"4.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-20: Improper Input Validation","https://cwe.mitre.org/data/definitions/20.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?

\n

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).

\n","ordinal":10000},{"articleType":"FAQ","description":"

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

\n

An authenticated local attacker can disable or enable Windows VBS without administrative privileges, resulting in bypass of platform security hardening. This does not grant direct code execution as another user but weakens system security guarantees, enabling follow\u2011on attacks.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.7005/15/2026148.0.7778.168
\n","ordinal":10000},{"title":"Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability","articleType":"100000000","description":"

Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45492","version":1,"revisionDate":"2026-05-15T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"93c54f8b-7450-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000f9d196a3","releaseDate":"2026-05-14T07:00:00-07:00","cveNumber":"CVE-2026-41615","cveTitle":"Microsoft Authenticator Information Disclosure Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-14T07:00:00-07:00","description":"

Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network.

\n","cweList":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"],"cweDetailsListForSearch":["cwe: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","cweUrl: https://cwe.mitre.org/data/definitions/200.html"],"unformattedDescription":"Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network.","mitreText":"CVE-2026-41615","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41615","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Authenticator","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"9.6","temporalScore":"8.3","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","https://cwe.mitre.org/data/definitions/200.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.

\n","ordinal":10002},{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

This vulnerability could expose a sign-in access token for a user\u2019s work account. If disclosed, that token could allow access to data and services that the user is authorized to use, potentially including sensitive organizational information.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An attacker could attempt to trick a user into interacting with a malicious request that appears legitimate. When the user approves the request, the attacker could cause the app to obtain an access token on the user\u2019s behalf and send it to a location controlled by the attacker, without the user being clearly informed about what access is being granted.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Do users need to take any action to receive the fix for the Authenticator app issue on Android?

\n

Users who have automatic app updates enabled on their Android device will receive the fix without any action required. Users who do not have auto-update enabled must manually update the Microsoft Authenticator app to the latest version via the Google Play Store to ensure they receive the fix.

\n","ordinal":10000},{"title":"Microsoft Authenticator Information Disclosure Vulnerability","articleType":"100000000","description":"

Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-41615","version":1,"revisionDate":"2026-05-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cb8541ee-c644-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000054bd0741","releaseDate":"2026-05-14T07:00:00-07:00","cveNumber":"CVE-2026-42897","cveTitle":"Microsoft Exchange Server Spoofing Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-18T07:00:00-07:00","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

\n","cweList":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"cweDetailsListForSearch":["cwe: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweUrl: https://cwe.mitre.org/data/definitions/79.html"],"unformattedDescription":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-42897","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42897","publiclyDisclosed":"No","exploited":"Yes","latestSoftwareReleaseId":0,"latestSoftwareRelease":"Exploitation Detected","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Exchange Server","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"8.1","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","https://cwe.mitre.org/data/definitions/79.html"]}],"articles":[{"title":"Microsoft Exchange Server Spoofing Vulnerability","articleType":"100000000","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

\n","ordinal":10000},{"title":"FAQ-Reference - CVE-2026-42897","articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An attacker could exploit this issue by sending a specially crafted email to a user. If the user opens the email in Outlook Web Access and certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context.

\n

How do I protect my Exchange Server from this vulnerability?

\n

The Exchange Emergency Mitigation Service will provide mitigation automatically, and is on by default. If it is not already enabled on your Exchange Server, you need to enable Exchange Emergency Mitigation Service. You can find more information and instruction in the Exchange blog here.

\n

Am I protected from this vulnerability if I am running Internet Explorer or Edge with Internet Explorer Mode?

\n

No, because Content Security Policy (CSP) is not supported by Internet Explorer nor Microsoft Edge using Internet Explorer Mode. To stay protected, please make sure to not use Internet Explorer (Mode) to access OWA.

\n

Why are there no links to updates in the Security Update Table?

\n

Microsoft is supplying a temporary mitigation for this vulnerability through the Exchange Emergency Mitigation Service. We are working on developing and testing a more permanent fix which we will provide when it meets our quality standards.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42897","version":1,"revisionDate":"2026-05-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"60ddd49c-054b-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-42897","version":1.1,"revisionDate":"2026-05-18T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Updated FAQ information. This is an informational change only.

\n","unformattedDescription":"Updated FAQ information. This is an informational change only.","notificationNeeded":true,"notificationSent":false,"sourceId":"e0a5c1b4-d952-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000e8ea69b6","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-42893","cveTitle":"Microsoft Outlook for iOS Tampering Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.

\n","cweList":["CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"],"cweDetailsListForSearch":["cwe: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')","cweUrl: https://cwe.mitre.org/data/definitions/77.html"],"unformattedDescription":"Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.","mitreText":"CVE-2026-42893","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42893","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"M365 Copilot","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000009,"impact":"Tampering","langCode":"en-US","baseScore":"7.4","temporalScore":"6.4","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')","https://cwe.mitre.org/data/definitions/77.html"]}],"articles":[{"title":"M365 Copilot Tampering Vulnerability","articleType":"100000000","description":"

Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42893","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4e7fa352-504a-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00009a1c1d78","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2025-54518","cveTitle":"AMD: CVE-2025-54518 CPU OP Cache Corruption","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

This vulnerability was found and addressed by AMD. We are documenting it in the Security Update Guide to encourage customers to install the May 2026 version of Windows as soon as possible.

\n

The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability. Please see the following for more information:

\n\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This vulnerability was found and addressed by AMD. We are documenting it in the Security Update Guide to encourage customers to install the May 2026 version of Windows as soon as possible. \n\nThe vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability. Please see the following for more information: \n\n* [AMD-SB-7052](https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7052.html)","mitreText":"CVE-2025-54518","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2025-54518","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"AMD CPU Branch","issuingCna":"AMD","issuingCnaId":100000002,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2025-54518","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4c6d64d9-404a-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000f2ea69b6","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-42833","cveTitle":"Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-13T07:00:00-07:00","description":"

Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

\n","cweList":["CWE-250: Execution with Unnecessary Privileges"],"cweDetailsListForSearch":["cwe: CWE-250: Execution with Unnecessary Privileges","cweUrl: https://cwe.mitre.org/data/definitions/250.html"],"unformattedDescription":"Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.","mitreText":"CVE-2026-42833","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42833","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Dynamics 365 (on-premises)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"9.1","temporalScore":"7.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-250: Execution with Unnecessary Privileges","https://cwe.mitre.org/data/definitions/250.html"]}],"articles":[{"title":"Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability","articleType":"100000000","description":"

Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

**According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?\n**

\n

Successful exploitation of this vulnerability requires an attacker to already have a high level of access, specifically a System Administrator role in Microsoft Dynamics 365 CRM. As a result, this issue cannot be exploited by an unauthenticated or low-privilege user and would only be relevant to users who already have elevated permissions.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An attacker with System Administrator privileges could modify specific data associated with background operations through the CRM web interface. When the system later processes this data, it may be deserialized without proper validation, allowing the attacker to trigger unauthorized commands on the CRM server.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

This vulnerability could lead to the attacker gaining the ability to interact with other tenant\u2019s applications and content.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42833","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"961bf58c-cd48-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-42833","version":1.1,"revisionDate":"2026-05-13T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Updated the fixed version number. This is an informational change only.

\n","unformattedDescription":"Updated the fixed version number. This is an informational change only.","notificationNeeded":false,"notificationSent":false,"sourceId":"b9172b52-d44e-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00008d5f1159","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-42832","cveTitle":"Microsoft Office Spoofing Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.

\n","cweList":["CWE-284: Improper Access Control"],"cweDetailsListForSearch":["cwe: CWE-284: Improper Access Control","cweUrl: https://cwe.mitre.org/data/definitions/284.html"],"unformattedDescription":"Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.","mitreText":"CVE-2026-42832","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42832","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"7.7","temporalScore":"6.7","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-284: Improper Access Control","https://cwe.mitre.org/data/definitions/284.html"]}],"articles":[{"title":"Microsoft Office Spoofing Vulnerability","articleType":"100000000","description":"

Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42832","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"31abb181-ab48-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000c348609e","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-42830","cveTitle":"Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-426: Untrusted Search Path"],"cweDetailsListForSearch":["cwe: CWE-426: Untrusted Search Path","cweUrl: https://cwe.mitre.org/data/definitions/426.html"],"unformattedDescription":"Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-42830","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42830","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Azure Monitor Agent","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"6.5","temporalScore":"5.7","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-426: Untrusted Search Path","https://cwe.mitre.org/data/definitions/426.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) and availability (A:N), but could lead to major loss of integrity (I:H). What does that mean for this vulnerability?

\n

This primarily impacts integrity, as an attacker could execute unauthorized code and modify system behavior or trusted processes. There is no direct impact to confidentiality, as the scenario does not inherently provide access to sensitive data, and no impact to availability, as exploitation does not inherently disrupt service operation.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.

\n","ordinal":10000},{"title":"Azure Monitor Agent Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges an attacker could gain with a successful exploitation?

\n

The OpenSSL configuration auto\u2011loading behavior allows extension modules (such as MetricsExtension) to load automatically. Therefore, if an attacker was able to place a malicious DLL in a location referenced by the configuration, it could get loaded implicitly, that could result in arbitrary code execution with elevated privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42830","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8e0eca54-0a48-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000f1ea69b6","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-42823","cveTitle":"Azure Logic Apps Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.

\n","cweList":["CWE-284: Improper Access Control"],"cweDetailsListForSearch":["cwe: CWE-284: Improper Access Control","cweUrl: https://cwe.mitre.org/data/definitions/284.html"],"unformattedDescription":"Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.","mitreText":"CVE-2026-42823","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42823","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Azure Logic Apps","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"9.9","temporalScore":"8.6","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-284: Improper Access Control","https://cwe.mitre.org/data/definitions/284.html"]}],"articles":[{"title":"Azure Logic Apps Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What do customers do to protect themselves from the vulnerability?

\n

Customers will be notified via Azure Service Health notification if they are impacted by this vulnerability. These alerts will include specific mitigation guidance and required actions for affected Azure Logic Apps resources.

\n

Customers who have received an Azure Service Health notification for this issue can reference** Tracking ID:** 1P8-C0G in the Azure portal to review the applicable guidance and required remediation steps.

\n

The Security Updates table for this CVE will be updated as additional information becomes available.

\n

Additionally, customers who have subscribed to the Security Update Guide will be notified when this CVE is revised to reflect updated guidance or mitigation details. If you wish to be notified when updates are released, we recommend registering for security notifications to stay informed of content changes.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42823","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"820fd8e3-9245-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00009b8d8373","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-41613","cveTitle":"Visual Studio Code Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

\n","cweList":["CWE-384: Session Fixation","CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"],"cweDetailsListForSearch":["cwe: CWE-384: Session Fixation","cweUrl: https://cwe.mitre.org/data/definitions/384.html","cwe: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","cweUrl: https://cwe.mitre.org/data/definitions/78.html"],"unformattedDescription":"Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.","mitreText":"CVE-2026-41613","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41613","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Visual Studio Code","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-384: Session Fixation","https://cwe.mitre.org/data/definitions/384.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","https://cwe.mitre.org/data/definitions/78.html"]}],"articles":[{"title":"Visual Studio Code Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited the vulnerability?

\n

A successful attacker could obtain the permissions associated with the MCP Server\u2019s managed identity. This may allow the attacker to access or perform actions on any resources that the managed identity is authorized to reach. The attacker does not gain broader tenant\u2011level or administrator permissions; only those tied to the compromised managed identity.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

The user would have be enticed to open a malicious file in vscode. Users should never open anything that they do not know or trust to be safe.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-41613","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d8ed2552-c144-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b565959d","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-41103","cveTitle":"Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.

\n","cweList":["CWE-303: Incorrect Implementation of Authentication Algorithm"],"cweDetailsListForSearch":["cwe: CWE-303: Incorrect Implementation of Authentication Algorithm","cweUrl: https://cwe.mitre.org/data/definitions/303.html"],"unformattedDescription":"Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.","mitreText":"CVE-2026-41103","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41103","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft SSO Plugin for Jira & Confluence","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"9.1","temporalScore":"7.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-303: Incorrect Implementation of Authentication Algorithm","https://cwe.mitre.org/data/definitions/303.html"]}],"articles":[{"title":"Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could bypass authentication and gain unauthorized access to Jira or Confluence as a valid user. This may allow the attacker to view or modify content and perform actions with the same permissions as the compromised account, based on the authorization levels defined for that user within the Jira or Confluence server.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit the vulnerability?

\n

An attacker could exploit this vulnerability by sending a specially crafted SSO response during the login process that tricks the system into accepting a forged identity, allowing the attacker to sign in without authenticating the user through Microsoft Entra ID.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and integrity (I:H), but could lead to no loss of availability (A:N). What does that mean for this vulnerability?

\n

This means that an attacker who successfully exploits the vulnerability could access sensitive information and modify data within Jira or Confluence based on the authorization defined for the user in those servers but availability is not impacted because the vulnerability only allows an attacker to bypass authentication and act as a legitimate user, without providing any capability to disrupt, degrade, or take down the Jira or Confluence service itself.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-41103","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"dd857975-3343-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00000c3fb8f3","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40381","cveTitle":"Azure Connected Machine Agent Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-284: Improper Access Control"],"cweDetailsListForSearch":["cwe: CWE-284: Improper Access Control","cweUrl: https://cwe.mitre.org/data/definitions/284.html"],"unformattedDescription":"Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-40381","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40381","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Azure Connected Machine Agent","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-284: Improper Access Control","https://cwe.mitre.org/data/definitions/284.html"]}],"articles":[{"title":"Azure Connected Machine Agent Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An attacker who already has access to the affected system could interfere with a local service port used by ArcProxy and respond with specially crafted authentication data. By doing this, the attacker can cause the service to access and return files that would normally only be available to a more privileged system account, potentially exposing sensitive information.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40381","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e8534bdc-8942-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00009d7d5784","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-41097","cveTitle":"Secure Boot Security Feature Bypass Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

\n","cweList":["CWE-1329 - Reliance on Component That is Not Updateable"],"cweDetailsListForSearch":["cwe: CWE-1329 - Reliance on Component That is Not Updateable","cweUrl: https://cwe.mitre.org/data/definitions/1329.html"],"unformattedDescription":"Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","mitreText":"CVE-2026-41097","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41097","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Secure Boot","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"6.7","temporalScore":"5.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-1329 - Reliance on Component That is Not Updateable","https://cwe.mitre.org/data/definitions/1329.html"]}],"articles":[{"articleType":"FAQ","description":"

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

\n

An attacker who successfully exploited this vulnerability could bypass Secure Boot.

\n","ordinal":10000},{"title":"Windows Secure Boot Security Feature Bypass Vulnerability","articleType":"100000000","description":"

Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-41097","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5978ea39-4842-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000039f2fe26","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-41086","cveTitle":"Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

\n","cweList":["CWE-284: Improper Access Control"],"cweDetailsListForSearch":["cwe: CWE-284: Improper Access Control","cweUrl: https://cwe.mitre.org/data/definitions/284.html"],"unformattedDescription":"Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.","mitreText":"CVE-2026-41086","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41086","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Admin Center","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-284: Improper Access Control","https://cwe.mitre.org/data/definitions/284.html"]}],"articles":[{"title":"Windows Admin Center Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An authenticated attacker with low\u2011privileged access could exploit this vulnerability by sending a specially crafted request to the affected Windows Admin Center update API, allowing them to perform actions that their assigned permissions should not normally permit.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-41086","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e9daa6e2-ea3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000142908c0","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40420","cveTitle":"Microsoft Office Click-To-Run Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-284: Improper Access Control"],"cweDetailsListForSearch":["cwe: CWE-284: Improper Access Control","cweUrl: https://cwe.mitre.org/data/definitions/284.html"],"unformattedDescription":"Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-40420","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40420","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Click-To-Run","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-284: Improper Access Control","https://cwe.mitre.org/data/definitions/284.html"]}],"articles":[{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

This vulnerability could lead to a browser sandbox escape.

\n","ordinal":10000},{"title":"Microsoft Office Click-To-Run Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40420","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"412e1aba-403f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000055aa1da3","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-35436","cveTitle":"Microsoft Office Click-To-Run Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-1220: Insufficient Granularity of Access Control"],"cweDetailsListForSearch":["cwe: CWE-1220: Insufficient Granularity of Access Control","cweUrl: https://cwe.mitre.org/data/definitions/1220.html"],"unformattedDescription":"Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-35436","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35436","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Click-To-Run","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-1220: Insufficient Granularity of Access Control","https://cwe.mitre.org/data/definitions/1220.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

This vulnerability could lead to a contained execution environment escape. Please refer to AppContainer Isolation for more information.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000},{"title":"Microsoft Office Click-To-Run Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-35436","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e4e0375a-403f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000efcd43d5","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40418","cveTitle":"Microsoft Office Click-To-Run Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-40418","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40418","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Click-To-Run","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Microsoft Office Click-To-Run Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40418","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2869cda3-2a3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000046cb11d8","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40413","cveTitle":"Windows TCP/IP Denial of Service Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.

\n","cweList":["CWE-476: NULL Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-476: NULL Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/476.html"],"unformattedDescription":"Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.","mitreText":"CVE-2026-40413","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40413","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows TCP/IP","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000001,"impact":"Denial of Service","langCode":"en-US","baseScore":"7.4","temporalScore":"6.4","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-476: NULL Pointer Dereference","https://cwe.mitre.org/data/definitions/476.html"]}],"articles":[{"title":"Windows TCP/IP Denial of Service Vulnerability","articleType":"100000000","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to cause denial of service on the Hyper-V host environment.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?

\n

This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40413","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"24116540-ec3d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000045cb11d8","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40403","cveTitle":"Windows Graphics Component Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.

\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.","mitreText":"CVE-2026-40403","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40403","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Win32K - GRFX","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

This vulnerability could lead to a contained execution environment escape. Please refer to AppContainer Isolation for more information.

\n","ordinal":10000},{"title":"Windows Win32K - GRFX Remote Code Execution Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.\nThe vulnerable endpoint is only available over the local VM interface as all external communication is blocked. This means an attacker needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

\n

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An attacker can exploit this vulnerability by getting access to the local guest VM so they can attack the Host OS.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40403","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fa703a92-d23d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000e03fb97a","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40402","cveTitle":"Windows Hyper-V Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.","mitreText":"CVE-2026-40402","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40402","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Hyper-V","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"9.3","temporalScore":"8.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Hyper-V Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Under what circumstances might this vulnerability be exploited other than as a denial of service attack against a Hyper-V host?

\n

This issue allows a guest VM to force the Hyper-V host's kernel to read from an arbitrary, potentially invalid address. The contents of the address read would not be returned to the guest VM. In most circumstances, this would result in a denial of service of the Hyper-V host (bugcheck) due to reading an unmapped address. It is possible to read from a memory mapped device register corresponding to a hardware device attached to the Hyper-V host which may trigger additional, hardware device specific side effects that could compromise the Hyper-V host's security.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to gain access to the Hyper-V host environment.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40402","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1c306910-d23d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00007bb4601d","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40401","cveTitle":"Windows TCP/IP Denial of Service Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally.

\n","cweList":["CWE-476: NULL Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-476: NULL Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/476.html"],"unformattedDescription":"Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally.","mitreText":"CVE-2026-40401","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40401","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows TCP/IP","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000001,"impact":"Denial of Service","langCode":"en-US","baseScore":"7.1","temporalScore":"6.2","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-476: NULL Pointer Dereference","https://cwe.mitre.org/data/definitions/476.html"]}],"articles":[{"title":"Windows TCP/IP Denial of Service Vulnerability","articleType":"100000000","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to cause denial of service on the Hyper-V host environment.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40401","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"248a30df-d13d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00004a6f4c66","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40398","cveTitle":"Windows Remote Desktop Services Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-40398","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40398","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Remote Desktop","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"title":"Windows Remote Desktop Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40398","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1609f36e-cd3d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00006c389858","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-32209","cveTitle":"Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.

\n","cweList":["CWE-284: Improper Access Control"],"cweDetailsListForSearch":["cwe: CWE-284: Improper Access Control","cweUrl: https://cwe.mitre.org/data/definitions/284.html"],"unformattedDescription":"Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.","mitreText":"CVE-2026-32209","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32209","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Filtering Platform (WFP)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"4.4","temporalScore":"3.9","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-284: Improper Access Control","https://cwe.mitre.org/data/definitions/284.html"]}],"articles":[{"title":"Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability","articleType":"100000000","description":"

Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

\n

Successfully exploiting this vulnerability could allow an attacker to bypass network security protections that rely on Fully Qualified Domain Name (FQDN)\u2011based rules, such as policies that block or allow network connections based on domain names. This could reduce the effectiveness of security features that depend on those domain\u2011based network controls.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?

\n

Successful exploitation allows limited tampering with security configuration (low integrity impact) but does not expose sensitive data or disrupt system availability. In short, the vulnerability weakens specific security enforcement controls without causing data disclosure or service outages.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32209","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"382cfd10-cb3d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000affaa4c3","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40397","cveTitle":"Windows Common Log File System Driver Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-191: Integer Underflow (Wrap or Wraparound)"],"cweDetailsListForSearch":["cwe: CWE-191: Integer Underflow (Wrap or Wraparound)","cweUrl: https://cwe.mitre.org/data/definitions/191.html"],"unformattedDescription":"Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-40397","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40397","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Common Log File System Driver","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-191: Integer Underflow (Wrap or Wraparound)","https://cwe.mitre.org/data/definitions/191.html"]}],"articles":[{"title":"Windows Common Log File System Driver Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"title":"Windows Common Log File System Driver Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40397","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a14656a9-ab3d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000a7b35f96","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40382","cveTitle":"Windows Telephony Service Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-40382","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40382","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Telephony Service","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Telephony Service Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40382","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c41b3ea5-9f3d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000e6e3f308","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40369","cveTitle":"Windows Kernel Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-822: Untrusted Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-822: Untrusted Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/822.html"],"unformattedDescription":"Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-40369","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40369","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Kernel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-822: Untrusted Pointer Dereference","https://cwe.mitre.org/data/definitions/822.html"]}],"articles":[{"title":"Windows Kernel Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited the vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40369","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"daa488c2-873a-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000074ca1051","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40370","cveTitle":"SQL Server Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.

\n","cweList":["CWE-73: External Control of File Name or Path"],"cweDetailsListForSearch":["cwe: CWE-73: External Control of File Name or Path","cweUrl: https://cwe.mitre.org/data/definitions/73.html"],"unformattedDescription":"External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.","mitreText":"CVE-2026-40370","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40370","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"SQL Server","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-73: External Control of File Name or Path","https://cwe.mitre.org/data/definitions/73.html"]}],"articles":[{"title":"SQL Server Remote Code Execution Vulnerability","articleType":"100000000","description":"

External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An authenticated attacker with explicit permissions could exploit the vulnerability by logging in to the SQL server and could then elevate their privileges to sysadmin.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is network (AV:N), and privilege required is low (PR:L). What is the target used in the context of the remote code execution?

\n

The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call.

\n

The privilege requirement is low because the attacker needs to be authenticated as a normal user.

\n","ordinal":10000},{"articleType":"FAQ","description":"

I am running SQL Server on my system. What action do I need to take?

\n

Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.

\n

There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?

\n\n

Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product to apply this and future security updates.

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Update NumberTitleVersionApply if current product version is\u2026This security update also includes servicing releases up through\u2026
5089899Security update for SQL Server 2025 CU4+GDR17.0.4040.117.0.4006.2 - 17.0.4035.5KB5081495 -\u00a0Previous SQL2025 RTM CU4
5091223Security update for SQL Server 2025 RTM+GDR17.0.1115.117.0.1000.7 - 17.0.1110.1KB5084814 - Previous SQL2025 RTM GDR
5089900Security update for SQL Server 2022 CU24+GDR16.0.4252.316.0.4003.1 -\u00a016.0.4250.1KB5083252 - Previous SQL2022 RTM CU24
5091158Security update for SQL Server 2022 RTM+GDR16.0.1180.116.0.1000.6 -\u00a016.0.1175.1KB5084815 - Previous SQL2022 RTM GDR
5090407Security update for SQL Server 2019 CU32+GDR15.0.4470.115.0.4003.23 - 15.0.4465.1KB 5084816 - Previous SQL2019 RTM CU32 GDR
5090408Security update for SQL Server 2019 RTM+GDR15.0.2170.115.0.2000.5 - 15.0.2165.1KB 5084817 - Previous SQL2019 RTM GDR
5090354Security update for SQL Server 2017 CU31+GDR14.0.3530.214.0.3006.16 - 14.0.3525.1KB 5084818 - Previous SQL2017 RTM CU31 GDR
5090347Security update for SQL Server 2017 RTM+GDR14.0.2110.214.0.1000.169 - 14.0.2105.1KB 5084819 - Previous SQL2017 RTM GDR
5089270Security update for SQL Server 2016 Azure Connect Feature Pack+GDR13.0.7085.113.0.7000.253 - 13.0.7080.1KB 5084820 - Previous SQL2016 Azure Connect Feature Pack\u00a0GDR
5089271Security update for SQL Server 2016 SP3+GDR13.0.6490.113.0.6300.2 - 13.0.6485.1KB 5084821 - Previous SQL2016 RTM GDR
\n

What are the GDR and CU update designations and how do they differ?

\n

The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.

\n\n

For any given baseline, either the GDR or CU updates could be options (see below).

\n\n

Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.

\n

Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?

\n

Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40370","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9a4d7848-e039-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b0faa4c3","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40367","cveTitle":"Microsoft Word Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-822: Untrusted Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-822: Untrusted Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/822.html"],"unformattedDescription":"Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-40367","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40367","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Word","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.4","temporalScore":"7.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-822: Untrusted Pointer Dereference","https://cwe.mitre.org/data/definitions/822.html"]}],"articles":[{"title":"Microsoft Office Word Remote Code Execution Vulnerability","articleType":"100000000","description":"

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

Yes, the Preview Pane is an attack vector.

\n","ordinal":10000},{"articleType":"FAQ","description":"

There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?

\n

Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40367","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7fff0f5a-cb39-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00007a11567e","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40365","cveTitle":"Microsoft SharePoint Server Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

\n","cweList":["CWE-1220: Insufficient Granularity of Access Control"],"cweDetailsListForSearch":["cwe: CWE-1220: Insufficient Granularity of Access Control","cweUrl: https://cwe.mitre.org/data/definitions/1220.html"],"unformattedDescription":"Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.","mitreText":"CVE-2026-40365","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40365","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office SharePoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-1220: Insufficient Granularity of Access Control","https://cwe.mitre.org/data/definitions/1220.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

\n

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit the vulnerability?

\n

In a network-based attack, an authenticated attacker, as at least a Site Owner, could write arbitrary code to inject and execute code remotely on the SharePoint Server.

\n","ordinal":10000},{"articleType":"FAQ","description":"

I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?

\n

Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.

\n","ordinal":10000},{"title":"Microsoft Office SharePoint Remote Code Execution Vulnerability","articleType":"100000000","description":"

Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40365","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0d4dd5f3-ca39-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000a9b35f96","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40362","cveTitle":"Microsoft Excel Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-40362","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40362","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Excel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"title":"Microsoft Office Excel Remote Code Execution Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

An attacker must send a user a malicious Office file and convince them to open it.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

\n

For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40362","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4a300ba5-c939-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00000e3fb8f3","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40361","cveTitle":"Microsoft Word Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-40361","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40361","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Word","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.4","temporalScore":"7.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Microsoft Office Word Remote Code Execution Vulnerability","articleType":"100000000","description":"

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

Yes, the Preview Pane is an attack vector.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

\n

For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40361","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a1cdeff9-c839-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000e9e3f308","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40359","cveTitle":"Microsoft Excel Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-40359","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40359","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Excel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Microsoft Office Excel Remote Code Execution Vulnerability","articleType":"100000000","description":"

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

An attacker must send a user a malicious Office file and convince them to open it.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

\n

For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40359","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"68452c33-c839-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00004e6f4c66","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40358","cveTitle":"Microsoft Office Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-40358","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40358","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.4","temporalScore":"7.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Microsoft Office Remote Code Execution Vulnerability","articleType":"100000000","description":"

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

Yes, the Preview Pane is an attack vector.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

\n

For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40358","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4ea94612-c839-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b3faa4c3","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40357","cveTitle":"Microsoft SharePoint Server Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

\n","cweList":["CWE-502: Deserialization of Untrusted Data"],"cweDetailsListForSearch":["cwe: CWE-502: Deserialization of Untrusted Data","cweUrl: https://cwe.mitre.org/data/definitions/502.html"],"unformattedDescription":"Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.","mitreText":"CVE-2026-40357","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40357","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office SharePoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-502: Deserialization of Untrusted Data","https://cwe.mitre.org/data/definitions/502.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

\n

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.

\n","ordinal":10000},{"articleType":"FAQ","description":"

I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?

\n

Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit the vulnerability?

\n

In a network-based attack, an authenticated attacker, who has a minimum of Site Member permissions (PR:L), could execute code remotely on the SharePoint Server.

\n","ordinal":10000},{"title":"Microsoft Office SharePoint Remote Code Execution Vulnerability","articleType":"100000000","description":"

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40357","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b8bbd164-c739-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00005b8bc64b","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-34341","cveTitle":"Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-415: Double Free"],"cweDetailsListForSearch":["cwe: CWE-415: Double Free","cweUrl: https://cwe.mitre.org/data/definitions/415.html"],"unformattedDescription":"Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-34341","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34341","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Link-Layer Discovery Protocol (LLDP)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-415: Double Free","https://cwe.mitre.org/data/definitions/415.html"]}],"articles":[{"title":"Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"title":"Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-34341","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cca669a6-9136-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000f6ff6dee","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-34340","cveTitle":"Windows Projected File System Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-34340","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34340","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Projected File System","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Projected File System Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-34340","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6eb00270-9136-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00002e300261","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-34339","cveTitle":"Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally.

\n","cweList":["CWE-476: NULL Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-476: NULL Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/476.html"],"unformattedDescription":"Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally.","mitreText":"CVE-2026-34339","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34339","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows LDAP - Lightweight Directory Access Protocol","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000001,"impact":"Denial of Service","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-476: NULL Pointer Dereference","https://cwe.mitre.org/data/definitions/476.html"]}],"articles":[{"title":"Windows LDAP - Lightweight Directory Access Protocol Denial of Service Vulnerability","articleType":"100000000","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-34339","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ecb0b8a6-9036-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000c9a4a903","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-34338","cveTitle":"Windows Telephony Service Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-34338","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34338","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Telephony Service","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"title":"Windows Telephony Service Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-34338","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5de9752d-9036-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b4cfd97b","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-34337","cveTitle":"Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free","CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html","cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-34337","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34337","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Cloud Files Mini Filter Driver","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"title":"Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-34337","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8fd8677e-8f36-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00004f44811e","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-34336","cveTitle":"Windows DWM Core Library Information Disclosure Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Buffer over-read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

\n","cweList":["CWE-126: Buffer Over-read"],"cweDetailsListForSearch":["cwe: CWE-126: Buffer Over-read","cweUrl: https://cwe.mitre.org/data/definitions/126.html"],"unformattedDescription":"Buffer over-read in Windows DWM Core Library allows an authorized attacker to disclose information locally.","mitreText":"CVE-2026-34336","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34336","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows DWM Core Library","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-126: Buffer Over-read","https://cwe.mitre.org/data/definitions/126.html"]}],"articles":[{"title":"Windows DWM Core Library Information Disclosure Vulnerability","articleType":"100000000","description":"

Buffer over-read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-34336","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"44757ae8-8e36-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000852dd063","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-34334","cveTitle":"Windows TCP/IP Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-34334","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34334","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows TCP/IP","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"title":"Windows TCP/IP Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-34334","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"975b98f7-8d36-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000bb161fa9","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-34332","cveTitle":"Windows Kernel-Mode Driver Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.","mitreText":"CVE-2026-34332","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34332","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Kernel-Mode Drivers","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.0","temporalScore":"7.0","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Kernel-Mode Drivers Remote Code Execution Vulnerability","articleType":"100000000","description":"

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are low (PR:L). What does that mean for this vulnerability?

\n

Exploitation of this vulnerability requires an authorized attacker on the domain to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit the vulnerability?

\n

An attacker could exploit this vulnerability by sending a specially crafted NVMe over Fabrics (NVMe\u2011oF) response message during the connection handshake process that contains an invalid header length value.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-34332","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fd490501-0e36-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000e5a9fd58","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-33838","cveTitle":"Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-415: Double Free"],"cweDetailsListForSearch":["cwe: CWE-415: Double Free","cweUrl: https://cwe.mitre.org/data/definitions/415.html"],"unformattedDescription":"Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-33838","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33838","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Message Queuing","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-415: Double Free","https://cwe.mitre.org/data/definitions/415.html"]}],"articles":[{"title":"Windows Message Queuing Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33838","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cc0cc032-e734-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000022da91cb","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-33837","cveTitle":"Windows TCP/IP Local Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-33837","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33837","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows TCP/IP","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"title":"Windows TCP/IP Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An attacker could exploit this vulnerability locally by running code with limited privileges and then interacting with the tcpip.sys kernel driver to gain elevated (kernel-level) privileges on the system.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33837","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"261b49da-e334-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000ecf04286","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-33835","cveTitle":"Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-33835","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33835","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Cloud Files Mini Filter Driver","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33835","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0edf5614-e034-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00008eac2f56","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-33833","cveTitle":"Azure Machine Learning Notebook Spoofing Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.

\n","cweList":["CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"],"cweDetailsListForSearch":["cwe: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')","cweUrl: https://cwe.mitre.org/data/definitions/74.html"],"unformattedDescription":"Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-33833","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33833","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Azure Machine Learning","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"8.2","temporalScore":"7.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')","https://cwe.mitre.org/data/definitions/74.html"]}],"articles":[{"title":"Azure Machine Learning Spoofing Vulnerability","articleType":"100000000","description":"

Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and some loss of integrity (I:L), but no loss of availability (A:N). What does that mean for this vulnerability?

\n

An attacker who successfully exploited this vulnerability could view sensitive information, (Confidentiality), and make some changes to disclosed information (Integrity), but they would not be able to affect Availability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

Exploitation would require a user to open or view a maliciously crafted notebook so that the affected content is rendered.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.

\n","ordinal":10002},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An attacker could create or import a specially crafted Azure ML notebook containing malicious styling content in a Markdown cell, which may be rendered when the notebook is viewed and could expose sensitive information displayed within the Azure ML web interface.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33833","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"97721367-9834-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000054d99044","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-33112","cveTitle":"Microsoft SharePoint Server Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

\n","cweList":["CWE-502: Deserialization of Untrusted Data"],"cweDetailsListForSearch":["cwe: CWE-502: Deserialization of Untrusted Data","cweUrl: https://cwe.mitre.org/data/definitions/502.html"],"unformattedDescription":"Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.","mitreText":"CVE-2026-33112","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33112","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office SharePoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-502: Deserialization of Untrusted Data","https://cwe.mitre.org/data/definitions/502.html"]}],"articles":[{"title":"Microsoft Office SharePoint Remote Code Execution Vulnerability","articleType":"100000000","description":"

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

\n","ordinal":10000},{"title":"Microsoft SharePoint Server Remote Code Execution Vulnerability","articleType":"VulnerabilityDescription","ordinal":10000},{"articleType":"FAQ","description":"

I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?

\n

Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

\n

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit the vulnerability?

\n

In a network-based attack, an attacker authenticated as at least a Site Owner, could write arbitrary code to inject and execute code remotely on the SharePoint Server.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33112","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"69b8b24b-3e2d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00001ef041ff","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-33110","cveTitle":"Microsoft SharePoint Server Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

\n","cweList":["CWE-502: Deserialization of Untrusted Data"],"cweDetailsListForSearch":["cwe: CWE-502: Deserialization of Untrusted Data","cweUrl: https://cwe.mitre.org/data/definitions/502.html"],"unformattedDescription":"Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.","mitreText":"CVE-2026-33110","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33110","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office SharePoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-502: Deserialization of Untrusted Data","https://cwe.mitre.org/data/definitions/502.html"]}],"articles":[{"title":"Microsoft SharePoint Server Remote Code Execution Vulnerability","articleType":"VulnerabilityDescription","ordinal":10000},{"articleType":"FAQ","description":"

I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?

\n

Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

\n

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit the vulnerability?

\n

In a network-based attack, an authenticated attacker, who has a minimum of Site Member permissions (PR:L), could execute code remotely on the SharePoint Server.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is network (AV:N) and the attack complexity is low (AC:L). What does that mean for this vulnerability?

\n

The attack vector is Network (AV:N) because this vulnerability is remotely exploitable and can be exploited from the internet. The attack complexity is Low (AC:L) because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component.

\n","ordinal":10000},{"title":"Microsoft Office SharePoint Remote Code Execution Vulnerability","articleType":"100000000","description":"

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

\n","ordinal":10000},{"title":"Microsoft Office SharePoint Remote Code Execution Vulnerability","articleType":"100000000","description":"

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33110","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e9bd6897-3d2d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000462f7de6","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-42899","cveTitle":"ASP.NET Core Denial of Service Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.

\n","cweList":["CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')"],"cweDetailsListForSearch":["cwe: CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')","cweUrl: https://cwe.mitre.org/data/definitions/835.html"],"unformattedDescription":"Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.","mitreText":"CVE-2026-42899","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42899","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"ASP.NET Core","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000001,"impact":"Denial of Service","langCode":"en-US","baseScore":"7.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')","https://cwe.mitre.org/data/definitions/835.html"]}],"articles":[{"title":"ASP.NET Core Denial of Service Vulnerability","articleType":"100000000","description":"

Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42899","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6dcf66a8-224b-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000e1a32489","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-42898","cveTitle":"Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-13T07:00:00-07:00","description":"

Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

\n","cweList":["CWE-94: Improper Control of Generation of Code ('Code Injection')"],"cweDetailsListForSearch":["cwe: CWE-94: Improper Control of Generation of Code ('Code Injection')","cweUrl: https://cwe.mitre.org/data/definitions/94.html"],"unformattedDescription":"Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.","mitreText":"CVE-2026-42898","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42898","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Dynamics 365 (on-premises)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"9.9","temporalScore":"8.6","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-94: Improper Control of Generation of Code ('Code Injection')","https://cwe.mitre.org/data/definitions/94.html"]}],"articles":[{"title":"Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability","articleType":"100000000","description":"

Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

\n

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.

\n","ordinal":10002},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An attacker with the required permissions could modify the saved state of a process session in Dynamics CRM and trigger the system to process that data, which could result in the server unintentionally executing malicious code.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42898","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ed94ce68-084b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-42898","version":1.2,"revisionDate":"2026-05-13T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Acknowledgement Updated

\n","unformattedDescription":"Acknowledgement Updated","notificationNeeded":false,"notificationSent":false,"sourceId":"3e7a6919-f54e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-42898","version":1.1,"revisionDate":"2026-05-13T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Updated the fixed version number. This is an informational change only.

\n","unformattedDescription":"Updated the fixed version number. This is an informational change only.","notificationNeeded":false,"notificationSent":false,"sourceId":"15cef065-d44e-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000ef31afe3","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-42896","cveTitle":"Windows DWM Core Library Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-190: Integer Overflow or Wraparound","CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-190: Integer Overflow or Wraparound","cweUrl: https://cwe.mitre.org/data/definitions/190.html","cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-42896","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42896","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows DWM Core Library","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-190: Integer Overflow or Wraparound","https://cwe.mitre.org/data/definitions/190.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"title":"Windows DWM Core Library Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42896","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"92774637-014b-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000093a65686","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-42825","cveTitle":"Windows Telephony Service Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-42825","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42825","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Telephony Service","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Telephony Service Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42825","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2186714e-6c4a-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000036a9fcd1","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-32175","cveTitle":".NET Core Tampering Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories.

\n

To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system.

\n

The security update fixes the vulnerability by ensuring .NET Core properly handles files.

\n","cweList":["CWE-36: Absolute Path Traversal"],"cweDetailsListForSearch":["cwe: CWE-36: Absolute Path Traversal","cweUrl: https://cwe.mitre.org/data/definitions/36.html"],"unformattedDescription":"A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories.\n\nTo exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system.\n\nThe security update fixes the vulnerability by ensuring .NET Core properly handles files.","mitreText":"CVE-2026-32175","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32175","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":".NET","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000009,"impact":"Tampering","langCode":"en-US","baseScore":"4.3","temporalScore":"3.8","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-36: Absolute Path Traversal","https://cwe.mitre.org/data/definitions/36.html"]}],"articles":[{"title":".NET Tampering Vulnerability","articleType":"100000000","description":"

Absolute path traversal in .NET allows an authorized attacker to perform tampering over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32175","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5cce7765-294a-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000028d4b8fb","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-42831","cveTitle":"Microsoft Office Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-42831","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42831","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

An attacker must send a user a malicious Office file and convince them to open it.

\n","ordinal":10000},{"title":"Microsoft Office Remote Code Execution Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42831","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0ad882a2-9a48-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00002fa9fcd1","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-32185","cveTitle":"Microsoft Teams Spoofing Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-18T07:00:00-07:00","description":"

Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.

\n","cweList":["CWE-552: Files or Directories Accessible to External Parties"],"cweDetailsListForSearch":["cwe: CWE-552: Files or Directories Accessible to External Parties","cweUrl: https://cwe.mitre.org/data/definitions/552.html"],"unformattedDescription":"Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.","mitreText":"CVE-2026-32185","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32185","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Teams","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-552: Files or Directories Accessible to External Parties","https://cwe.mitre.org/data/definitions/552.html"]}],"articles":[{"title":"Microsoft Teams Spoofing Vulnerability","articleType":"100000000","description":"

Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Teams for Android currently available?

\n

The security update for Microsoft Teams for Android are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32185","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d287aed2-9848-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-32185","version":2,"revisionDate":"2026-05-18T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

The security update for Microsoft Teams for Android is not immediately available. Customers running affected Microsoft Teams for would need to install the update to be protected from this vulnerability, once the update becomes available.

\n","unformattedDescription":"The security update for Microsoft Teams for Android is not immediately available. Customers running affected Microsoft Teams for would need to install the update to be protected from this vulnerability, once the update becomes available.","notificationNeeded":true,"notificationSent":true,"sourceId":"8e25e6be-cf52-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00003df041ff","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-32170","cveTitle":"Windows Rich Text Edit Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T07:00:00-07:00","description":"

Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-415: Double Free"],"cweDetailsListForSearch":["cwe: CWE-415: Double Free","cweUrl: https://cwe.mitre.org/data/definitions/415.html"],"unformattedDescription":"Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32170","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32170","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Rich Text Edit Control","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"6.7","temporalScore":"5.8","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-415: Double Free","https://cwe.mitre.org/data/definitions/415.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited the vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain administrator privileges.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?

\n

An authorized attacker must send a victim a malicious and specially crafted file and convince them to open it.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?

\n

An authorized attacker must send the user a malicious file and convince the user to open it.

\n","ordinal":10000},{"title":"Windows Rich Text Edit Control Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32170","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c9ed128b-9848-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-32170","version":1.1,"revisionDate":"2026-05-15T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Updated Hotpatch links. This is in informational change only.

\n","unformattedDescription":"Updated Hotpatch links. This is in informational change only.","notificationNeeded":false,"notificationSent":false,"sourceId":"9b54a559-8050-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000a17b9a5c","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-32161","cveTitle":"Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T07:00:00-07:00","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network.

\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html","cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network.","mitreText":"CVE-2026-32161","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32161","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Native WiFi Miniport Driver","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Exploitation requires specific conditions, including particular network configurations and timing conditions, and has only been observed in limited scenarios. This means an attacker cannot reliably exploit the issue in all environments and may need favorable setup or circumstances for it to work.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?

\n

This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.

\n","ordinal":10000},{"title":"Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability","articleType":"100000000","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32161","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8b22d572-9848-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-32161","version":1.1,"revisionDate":"2026-05-15T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Updated Hotpatch links. This is in informational change only.

\n","unformattedDescription":"Updated Hotpatch links. This is in informational change only.","notificationNeeded":false,"notificationSent":false,"sourceId":"98967099-8050-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000094463e46","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-41614","cveTitle":"M365 Copilot for Desktop Spoofing Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.

\n","cweList":["CWE-284: Improper Access Control"],"cweDetailsListForSearch":["cwe: CWE-284: Improper Access Control","cweUrl: https://cwe.mitre.org/data/definitions/284.html"],"unformattedDescription":"Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.","mitreText":"CVE-2026-41614","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41614","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"M365 Copilot for Desktop","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"6.2","temporalScore":"5.4","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-284: Improper Access Control","https://cwe.mitre.org/data/definitions/284.html"]}],"articles":[{"title":"M365 Copilot for Desktop Spoofing Vulnerability","articleType":"100000000","description":"

Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-41614","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ed4b6c60-c144-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000036022b16","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-41612","cveTitle":"Visual Studio Code Information Disclosure Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.

\n","cweList":["CWE-23: Relative Path Traversal","CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"cweDetailsListForSearch":["cwe: CWE-23: Relative Path Traversal","cweUrl: https://cwe.mitre.org/data/definitions/23.html","cwe: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","cweUrl: https://cwe.mitre.org/data/definitions/22.html"],"unformattedDescription":"Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.","mitreText":"CVE-2026-41612","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41612","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Visual Studio Code","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-23: Relative Path Traversal","https://cwe.mitre.org/data/definitions/23.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","https://cwe.mitre.org/data/definitions/22.html"]}],"articles":[{"title":"Visual Studio Code Information Disclosure Vulnerability","articleType":"100000000","description":"

Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

The type of information that could be disclosed if an attacker successfully exploited this vulnerability includes unauthorized access to the file system, specifically file path information.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

Exploitation of this vulnerability requires that a user trigger the payload in the application.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-41612","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"326de172-a444-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000065a4342e","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-41611","cveTitle":"Visual Studio Code Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)","CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"],"cweDetailsListForSearch":["cwe: CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)","cweUrl: https://cwe.mitre.org/data/definitions/80.html","cwe: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')","cweUrl: https://cwe.mitre.org/data/definitions/77.html"],"unformattedDescription":"Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-41611","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41611","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Visual Studio Code","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)","https://cwe.mitre.org/data/definitions/80.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')","https://cwe.mitre.org/data/definitions/77.html"]}],"articles":[{"title":"Visual Studio Code Remote Code Execution Vulnerability","articleType":"100000000","description":"

Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

Exploitation of this vulnerability requires that a user trigger the payload in the application.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-41611","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"49b4cd04-a444-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00000019dcd0","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-41610","cveTitle":"Visual Studio Code Security Feature Bypass Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

\n","cweList":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","CWE-59: Improper Link Resolution Before File Access ('Link Following')","CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"],"cweDetailsListForSearch":["cwe: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweUrl: https://cwe.mitre.org/data/definitions/79.html","cwe: CWE-59: Improper Link Resolution Before File Access ('Link Following')","cweUrl: https://cwe.mitre.org/data/definitions/59.html","cwe: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","cweUrl: https://cwe.mitre.org/data/definitions/200.html"],"unformattedDescription":"Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.","mitreText":"CVE-2026-41610","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41610","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Visual Studio Code","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"6.3","temporalScore":"5.5","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","https://cwe.mitre.org/data/definitions/79.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-59: Improper Link Resolution Before File Access ('Link Following')","https://cwe.mitre.org/data/definitions/59.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","https://cwe.mitre.org/data/definitions/200.html"]}],"articles":[{"title":"Visual Studio Code Security Feature Bypass Vulnerability","articleType":"100000000","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.

\n","ordinal":10002},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

Exploitation would require a user to open or view a maliciously crafted notebook so that the affected content is rendered.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-41610","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b8fc891b-a344-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000c3f31ff8","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-41109","cveTitle":"GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.

\n","cweList":["CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"],"cweDetailsListForSearch":["cwe: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')","cweUrl: https://cwe.mitre.org/data/definitions/74.html"],"unformattedDescription":"Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.","mitreText":"CVE-2026-41109","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41109","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"GitHub Copilot and Visual Studio","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')","https://cwe.mitre.org/data/definitions/74.html"]}],"articles":[{"title":"GitHub Copilot and Visual Studio Security Feature Bypass Vulnerability","articleType":"100000000","description":"

Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An attacker could exploit this vulnerability by embedding malicious instructions in user input or external content that is processed, causing it to bypass guardrails, treat those instructions as trusted, and execute unintended actions such as retrieving sensitive data..

\n","ordinal":10000},{"articleType":"FAQ","description":"

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

\n

Successful exploitation could bypass the path validation safeguards that check which files may be changed and require user approval for sensitive locations, allowing changes to protected files without the user\u2019s knowledge or consent.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-41109","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bb56c673-1f44-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00001af1edfa","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-41102","cveTitle":"Microsoft PowerPoint for Android Spoofing Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.

\n","cweList":["CWE-284: Improper Access Control"],"cweDetailsListForSearch":["cwe: CWE-284: Improper Access Control","cweUrl: https://cwe.mitre.org/data/definitions/284.html"],"unformattedDescription":"Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.","mitreText":"CVE-2026-41102","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41102","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office PowerPoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"7.1","temporalScore":"6.2","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-284: Improper Access Control","https://cwe.mitre.org/data/definitions/284.html"]}],"articles":[{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000},{"title":"Microsoft Office PowerPoint Spoofing Vulnerability","articleType":"100000000","description":"

Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-41102","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"27205500-3243-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000eb4ee4e2","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-41101","cveTitle":"Microsoft Word for Android Spoofing Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.

\n","cweList":["CWE-284: Improper Access Control"],"cweDetailsListForSearch":["cwe: CWE-284: Improper Access Control","cweUrl: https://cwe.mitre.org/data/definitions/284.html"],"unformattedDescription":"Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.","mitreText":"CVE-2026-41101","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41101","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Word","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"7.1","temporalScore":"6.2","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-284: Improper Access Control","https://cwe.mitre.org/data/definitions/284.html"]}],"articles":[{"title":"Microsoft Office Word Spoofing Vulnerability","articleType":"100000000","description":"

Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-41101","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f04628c1-3143-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000050da3c40","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-41100","cveTitle":"Microsoft 365 Copilot for Android Spoofing Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.

\n","cweList":["CWE-284: Improper Access Control"],"cweDetailsListForSearch":["cwe: CWE-284: Improper Access Control","cweUrl: https://cwe.mitre.org/data/definitions/284.html"],"unformattedDescription":"Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.","mitreText":"CVE-2026-41100","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41100","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"M365 Copilot","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"4.4","temporalScore":"3.9","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-284: Improper Access Control","https://cwe.mitre.org/data/definitions/284.html"]}],"articles":[{"title":"M365 Copilot Spoofing Vulnerability","articleType":"100000000","description":"

Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?

\n

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-41100","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"070e2c01-3143-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000038f2fe26","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-41096","cveTitle":"Windows DNS Client Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.

\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-41096","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41096","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Windows DNS","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"9.8","temporalScore":"8.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"title":"Microsoft Windows DNS Remote Code Execution Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit the vulnerability?

\n

An attacker could exploit this vulnerability by sending a specially crafted DNS response to a vulnerable Windows system, causing the DNS Client to incorrectly process the response and corrupt memory. In certain configurations, this could allow the attacker to run code remotely on the affected system without authentication.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-41096","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4707fb6d-bb40-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000d366a6c9","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-41095","cveTitle":"Data Deduplication Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-41095","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41095","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Data Deduplication","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"title":"Data Deduplication Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-41095","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"03a6a7a2-3440-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00006edb4d6c","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-41094","cveTitle":"Microsoft Data Formulator Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.

\n","cweList":["CWE-94: Improper Control of Generation of Code ('Code Injection')"],"cweDetailsListForSearch":["cwe: CWE-94: Improper Control of Generation of Code ('Code Injection')","cweUrl: https://cwe.mitre.org/data/definitions/94.html"],"unformattedDescription":"Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-41094","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41094","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Data Formulator","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-94: Improper Control of Generation of Code ('Code Injection')","https://cwe.mitre.org/data/definitions/94.html"]}],"articles":[{"title":"Microsoft Data Formulator Remote Code Execution Vulnerability","articleType":"100000000","description":"

Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?

\n

The vulnerability can be exploited remotely over the network without administrative privileges, but exploitation requires user interaction to trigger processing of user\u2011supplied input by the affected service.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-41094","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d627dcf5-2a40-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000040394454","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-41089","cveTitle":"Windows Netlogon Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

\n","cweList":["CWE-121: Stack-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-121: Stack-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/121.html"],"unformattedDescription":"Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-41089","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41089","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Netlogon","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"9.8","temporalScore":"8.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-121: Stack-based Buffer Overflow","https://cwe.mitre.org/data/definitions/121.html"]}],"articles":[{"title":"Windows Netlogon Remote Code Execution Vulnerability","articleType":"100000000","description":"

Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An attacker could send a specially crafted network request to a Windows server that is acting as a domain controller. If successful, this could cause the Netlogon service to improperly handle the request, potentially allowing the attacker to run code on the affected system without needing to sign in or have prior access.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-41089","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8b695750-f03f-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000dbadebf6","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-41088","cveTitle":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-73: External Control of File Name or Path"],"cweDetailsListForSearch":["cwe: CWE-73: External Control of File Name or Path","cweUrl: https://cwe.mitre.org/data/definitions/73.html"],"unformattedDescription":"External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-41088","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41088","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Ancillary Function Driver for WinSock","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-73: External Control of File Name or Path","https://cwe.mitre.org/data/definitions/73.html"]}],"articles":[{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"title":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","articleType":"100000000","description":"

External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-41088","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1df3f50a-ec3f-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000079b4601d","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40421","cveTitle":"Microsoft Word Information Disclosure Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network.

\n","cweList":["CWE-73: External Control of File Name or Path"],"cweDetailsListForSearch":["cwe: CWE-73: External Control of File Name or Path","cweUrl: https://cwe.mitre.org/data/definitions/73.html"],"unformattedDescription":"External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network.","mitreText":"CVE-2026-40421","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40421","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Word","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"4.3","temporalScore":"3.8","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-73: External Control of File Name or Path","https://cwe.mitre.org/data/definitions/73.html"]}],"articles":[{"title":"Microsoft Outlook Information Disclosure Vulnerability","articleType":"VulnerabilityDescription","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

An attacker must send a user a malicious Office file and convince them to open it.

\n","ordinal":10000},{"title":"Microsoft Office Word Information Disclosure Vulnerability","articleType":"100000000","description":"

External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

Exploiting this vulnerability could allow the disclosure of NTLM hashes.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?

\n

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40421","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"babc650d-5c3f-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000054599c32","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40419","cveTitle":"Microsoft Office Click-To-Run Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-40419","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40419","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Microsoft Office Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40419","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"22cbb289-2b3f-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000daf8734d","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40417","cveTitle":"Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-1390: Weak Authentication"],"cweDetailsListForSearch":["cwe: CWE-1390: Weak Authentication","cweUrl: https://cwe.mitre.org/data/definitions/1390.html"],"unformattedDescription":"Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-40417","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40417","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Dynamics Business Central","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-1390: Weak Authentication","https://cwe.mitre.org/data/definitions/1390.html"]}],"articles":[{"title":"Dynamics Business Central Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40417","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5ebdbfe1-853e-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000010e2c292","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40415","cveTitle":"Windows TCP/IP Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-40415","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40415","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows TCP/IP","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.1","temporalScore":"7.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows TCP/IP Remote Code Execution Vulnerability","articleType":"100000000","description":"

Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation requires the target system to be under sustained low-memory (memory pressure) conditions, which are not commonly present in normal operation. This makes the vulnerability difficult to reliably trigger, as the attacker must first induce or wait for a constrained memory state before exploitation becomes possible.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An attacker could exploit this vulnerability by sending specially crafted malicious traffic to a vulnerable server.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40415","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8fc7448a-ec3d-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000ab566a35","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40414","cveTitle":"Windows TCP/IP Denial of Service Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.

\n","cweList":["CWE-476: NULL Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-476: NULL Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/476.html"],"unformattedDescription":"Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.","mitreText":"CVE-2026-40414","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40414","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows TCP/IP","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000001,"impact":"Denial of Service","langCode":"en-US","baseScore":"7.4","temporalScore":"6.4","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-476: NULL Pointer Dereference","https://cwe.mitre.org/data/definitions/476.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?

\n

This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.

\n","ordinal":10000},{"title":"Windows TCP/IP Denial of Service Vulnerability","articleType":"100000000","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to cause denial of service on the Hyper-V host environment.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40414","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ba969978-ec3d-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000172908c0","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40410","cveTitle":"Windows SMB Client Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-40410","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40410","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows SMB Client","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"title":"Windows SMB Client Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40410","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4b9d50b8-d43d-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000eecd43d5","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40408","cveTitle":"Windows WAN ARP Driver Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-40408","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40408","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Kernel-Mode Drivers","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Kernel-Mode Drivers Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40408","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c76f4e27-d43d-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000d9f8734d","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40407","cveTitle":"Windows Common Log File System Driver Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-40407","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40407","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Common Log File System Driver","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"title":"Windows Common Log File System Driver Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40407","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"619ef011-d43d-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000746d1bf0","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40406","cveTitle":"Windows TCP/IP Information Disclosure Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.","mitreText":"CVE-2026-40406","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40406","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows TCP/IP","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"7.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows TCP/IP Information Disclosure Vulnerability","articleType":"100000000","description":"

Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.

\n","ordinal":10000},{"title":"Kernel Memory Information Disclosure","articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

Exploiting this vulnerability could allow the disclosure of certain kernel memory content.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40406","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b84bdcac-d33d-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00000fe2c292","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40405","cveTitle":"Windows TCP/IP Denial of Service Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.

\n","cweList":["CWE-476: NULL Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-476: NULL Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/476.html"],"unformattedDescription":"Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.","mitreText":"CVE-2026-40405","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40405","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows TCP/IP","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000001,"impact":"Denial of Service","langCode":"en-US","baseScore":"7.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-476: NULL Pointer Dereference","https://cwe.mitre.org/data/definitions/476.html"]}],"articles":[{"title":"Windows TCP/IP Denial of Service Vulnerability","articleType":"100000000","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40405","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"928c4b52-d33d-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000e5e3f308","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40399","cveTitle":"Windows TCP/IP Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Stack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-121: Stack-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-121: Stack-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/121.html"],"unformattedDescription":"Stack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-40399","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40399","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows TCP/IP","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-121: Stack-based Buffer Overflow","https://cwe.mitre.org/data/definitions/121.html"]}],"articles":[{"title":"Windows TCP/IP Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Stack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40399","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"459d3566-cf3d-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000071ca1051","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40380","cveTitle":"Windows Volume Manager Extension Driver Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.

\n","cweList":["CWE-122: Heap-based Buffer Overflow","CWE-125: Out-of-bounds Read","CWE-197: Numeric Truncation Error"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html","cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html","cwe: CWE-197: Numeric Truncation Error","cweUrl: https://cwe.mitre.org/data/definitions/197.html"],"unformattedDescription":"Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.","mitreText":"CVE-2026-40380","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40380","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Volume Manager Extension Driver","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"6.2","temporalScore":"5.4","vectorString":"CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-197: Numeric Truncation Error","https://cwe.mitre.org/data/definitions/197.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?

\n

To successfully exploit this vulnerability, an attacker or the targeted user would need to achieve a high level of control over a machine, as the attack requires access to processes typically restricted from average users.

\n

Essentially, the exploitation necessitates elevated privileges on the compromised machine due to the requirement of manipulating processes beyond the reach of standard user permissions.

\n","ordinal":10000},{"title":"Volume Manager Extension Driver Remote Code Execution Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40380","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4baf873b-d33c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000b1faa4c3","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40377","cveTitle":"Microsoft Cryptographic Services Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-40377","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40377","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Cryptographic Services","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"title":"Windows Cryptographic Services Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40377","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"604bdac7-a63a-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000e09caedb","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40374","cveTitle":"Microsoft Power Automate Desktop Information Disclosure Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.

\n","cweList":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"],"cweDetailsListForSearch":["cwe: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","cweUrl: https://cwe.mitre.org/data/definitions/200.html"],"unformattedDescription":"Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.","mitreText":"CVE-2026-40374","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40374","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Power Automate","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"6.5","temporalScore":"5.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","https://cwe.mitre.org/data/definitions/200.html"]}],"articles":[{"title":"Power Automate Information Disclosure Vulnerability","articleType":"100000000","description":"

Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

This vulnerability could expose values stored in variables that were marked as \u201cSensitive\u201d within Power Automate Desktop flows. Due to a logging issue, these sensitive variable values may appear in execution logs uploaded to the Power Automate portal and be viewable by users with Owner, Co-Owner, or Runner permissions for the affected desktop flow.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40374","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8f28452d-893a-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00004b6f4c66","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40368","cveTitle":"Microsoft SharePoint Server Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

\n","cweList":["CWE-502: Deserialization of Untrusted Data"],"cweDetailsListForSearch":["cwe: CWE-502: Deserialization of Untrusted Data","cweUrl: https://cwe.mitre.org/data/definitions/502.html"],"unformattedDescription":"Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.","mitreText":"CVE-2026-40368","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40368","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office SharePoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.0","temporalScore":"7.0","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-502: Deserialization of Untrusted Data","https://cwe.mitre.org/data/definitions/502.html"]}],"articles":[{"title":"Microsoft Office SharePoint Remote Code Execution Vulnerability","articleType":"100000000","description":"

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?

\n

This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

\n

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.

\n","ordinal":10000},{"articleType":"FAQ","description":"

I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?

\n

Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40368","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f77cbbaf-cb39-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00001586fd20","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40366","cveTitle":"Microsoft Word Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-40366","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40366","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Word","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.4","temporalScore":"7.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Microsoft Office Word Remote Code Execution Vulnerability","articleType":"100000000","description":"

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

Yes, the Preview Pane is an attack vector.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40366","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6a780e2f-cb39-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000df9caedb","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40364","cveTitle":"Microsoft Word Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')","CWE-908: Use of Uninitialized Resource","CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')","cweUrl: https://cwe.mitre.org/data/definitions/843.html","cwe: CWE-908: Use of Uninitialized Resource","cweUrl: https://cwe.mitre.org/data/definitions/908.html","cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-40364","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40364","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Word","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.4","temporalScore":"7.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')","https://cwe.mitre.org/data/definitions/843.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-908: Use of Uninitialized Resource","https://cwe.mitre.org/data/definitions/908.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"title":"Microsoft Office Word Remote Code Execution Vulnerability","articleType":"100000000","description":"

Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

Yes, the Preview Pane is an attack vector.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

\n

For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40364","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"482820ff-c939-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000044280739","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40363","cveTitle":"Microsoft Office Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-40363","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40363","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.4","temporalScore":"7.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"title":"Microsoft Office Remote Code Execution Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

Yes, the Preview Pane is an attack vector.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40363","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"de17f4df-c939-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000073ca1051","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-40360","cveTitle":"Microsoft Excel Information Disclosure Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

\n","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"unformattedDescription":"Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.","mitreText":"CVE-2026-40360","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40360","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Excel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[{"title":"Microsoft Office Excel Information Disclosure Vulnerability","articleType":"100000000","description":"

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

\n","ordinal":10000},{"title":"Microsoft Office Excel Information Disclosure Vulnerability","articleType":"100000000","description":"

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

An attacker must send a user a malicious Office file and convince them to open it.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40360","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"dccd8e5e-c839-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000baee30d3","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-35440","cveTitle":"Microsoft Word Information Disclosure Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

\n","cweList":["CWE-552: Files or Directories Accessible to External Parties"],"cweDetailsListForSearch":["cwe: CWE-552: Files or Directories Accessible to External Parties","cweUrl: https://cwe.mitre.org/data/definitions/552.html"],"unformattedDescription":"Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.","mitreText":"CVE-2026-35440","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35440","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Word","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-552: Files or Directories Accessible to External Parties","https://cwe.mitre.org/data/definitions/552.html"]}],"articles":[{"title":"Microsoft Office Word Information Disclosure Vulnerability","articleType":"100000000","description":"

Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the local memory address.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

An attacker must send a user a malicious email and convince a user to reply it.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-35440","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2441ea18-c739-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00002608148b","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-35439","cveTitle":"Microsoft SharePoint Server Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

\n","cweList":["CWE-502: Deserialization of Untrusted Data"],"cweDetailsListForSearch":["cwe: CWE-502: Deserialization of Untrusted Data","cweUrl: https://cwe.mitre.org/data/definitions/502.html"],"unformattedDescription":"Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.","mitreText":"CVE-2026-35439","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35439","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office SharePoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-502: Deserialization of Untrusted Data","https://cwe.mitre.org/data/definitions/502.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

\n

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit the vulnerability?

\n

In a network-based attack, an attacker authenticated as at least a Site Owner, could write arbitrary code to inject and execute code remotely on the SharePoint Server.

\n","ordinal":10000},{"articleType":"FAQ","description":"

I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?

\n

Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.

\n","ordinal":10000},{"title":"Microsoft Office SharePoint Remote Code Execution Vulnerability","articleType":"100000000","description":"

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-35439","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"eb3830e9-c639-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00008b936ce8","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-35438","cveTitle":"Windows Admin Center Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

\n","cweList":["CWE-862: Missing Authorization"],"cweDetailsListForSearch":["cwe: CWE-862: Missing Authorization","cweUrl: https://cwe.mitre.org/data/definitions/862.html"],"unformattedDescription":"Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.","mitreText":"CVE-2026-35438","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35438","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Admin Center","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"8.3","temporalScore":"7.2","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-862: Missing Authorization","https://cwe.mitre.org/data/definitions/862.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to a minor loss of confidentiality (C:L), but major integrity (I:H), and availability (A:H). What does that mean for this vulnerability?

\n

Successful exploitation primarily allows a low-privileged attacker to perform unauthorized actions that affect the system\u2019s integrity and availability. Specifically, the attacker could install an arbitrary available Windows Admin Center version from the update catalog, which can overwrite or alter the existing installation and disrupt normal operation. This is why integrity and availability are rated as high impact.

\n

The impact to confidentiality is considered limited because exploitation does not directly expose sensitive information. However, there is a potential for indirect confidentiality impact if the attacker installs a version that contains known information disclosure issues or weaker security protections.

\n","ordinal":10000},{"title":"Windows Admin Center Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited the vulnerability?

\n

An authenticated attacker with low privileges could gain the ability to perform actions that should require higher\u2011level permissions. Specifically, they could install an arbitrary available Windows Admin Center version from the update catalog. This includes reinstalling the current version, installing older versions, or installing any other available version that is not the latest\u2014including versions that may contain known vulnerabilities.

\n

This effectively allows the attacker to make unauthorized changes to the software configuration beyond what their assigned access level is intended to permit.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An authenticated attacker with low\u2011privileged access could exploit this vulnerability by sending a specially crafted request to the affected Windows Admin Center update API, allowing them to perform actions that their assigned permissions should not normally permit.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-35438","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"21e3b605-ba39-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000844c27bb","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-35433","cveTitle":".NET Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-14T07:00:00-07:00","description":"

Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.

\n","cweList":["CWE-20: Improper Input Validation","CWE-190: Integer Overflow or Wraparound"],"cweDetailsListForSearch":["cwe: CWE-20: Improper Input Validation","cweUrl: https://cwe.mitre.org/data/definitions/20.html","cwe: CWE-190: Integer Overflow or Wraparound","cweUrl: https://cwe.mitre.org/data/definitions/190.html"],"unformattedDescription":"Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.","mitreText":"CVE-2026-35433","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35433","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":".NET","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.3","temporalScore":"6.4","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-20: Improper Input Validation","https://cwe.mitre.org/data/definitions/20.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-190: Integer Overflow or Wraparound","https://cwe.mitre.org/data/definitions/190.html"]}],"articles":[{"title":".NET Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

Exploitation of this vulnerability requires that a user trigger the payload in the application.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and integrity (I:H), and some loss of availability (A:L). What does that mean for this vulnerability?

\n

An attacker who successfully exploited this vulnerability could view sensitive information (Confidentiality) and modify code in the repo, (Integrity), and they might be able to interfere with availability of the code (Availability).

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-35433","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c005419c-f938-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-35433","version":2,"revisionDate":"2026-05-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

New .NET Framework Packages have been added

\n","unformattedDescription":"New .NET Framework Packages have been added","notificationNeeded":false,"notificationSent":false,"sourceId":"a294dbcf-ad4f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000020c1ce5d","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-35424","cveTitle":"Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.

\n","cweList":["CWE-401: Missing Release of Memory after Effective Lifetime"],"cweDetailsListForSearch":["cwe: CWE-401: Missing Release of Memory after Effective Lifetime","cweUrl: https://cwe.mitre.org/data/definitions/401.html"],"unformattedDescription":"Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.","mitreText":"CVE-2026-35424","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35424","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Internet Key Exchange (IKE) Protocol","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000001,"impact":"Denial of Service","langCode":"en-US","baseScore":"7.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-401: Missing Release of Memory after Effective Lifetime","https://cwe.mitre.org/data/definitions/401.html"]}],"articles":[{"title":"Windows Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability","articleType":"100000000","description":"

Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-35424","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"66c26983-d536-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000854c27bb","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-35423","cveTitle":"Windows 11 Telnet Client Information Disclosure Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.

\n","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"unformattedDescription":"Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.","mitreText":"CVE-2026-35423","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35423","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Telnet Client","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.4","temporalScore":"4.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[{"title":"Telnet Client Information Disclosure Vulnerability","articleType":"100000000","description":"

Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), no loss to integrity (I:N) and lead to some loss of availability (A:L). What is the impact of this vulnerability?

\n

Successful exploitation of this vulnerability could allow an attacker to access limited sensitive information from system memory and may cause intermittent interruptions or reduced performance in the affected application. However, it would not allow the attacker to modify data.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

An attacker could potentially read limited portions of memory from the affected system, which may include sensitive information being processed by the Telnet client at the time of the connection.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

For this vulnerability to be exploited, a user would need to initiate a Telnet connection to a malicious or compromised server, allowing specially crafted authentication responses to be processed by the Telnet client. Successful exploitation requires a user to take an action before the vulnerability can be triggered.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-35423","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fb204e44-d536-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000ead77f18","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-35422","cveTitle":"Windows TCP/IP Driver Security Feature Bypass Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.

\n","cweList":["CWE-288: Authentication Bypass Using an Alternate Path or Channel"],"cweDetailsListForSearch":["cwe: CWE-288: Authentication Bypass Using an Alternate Path or Channel","cweUrl: https://cwe.mitre.org/data/definitions/288.html"],"unformattedDescription":"Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.","mitreText":"CVE-2026-35422","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35422","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows TCP/IP","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"6.5","temporalScore":"5.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-288: Authentication Bypass Using an Alternate Path or Channel","https://cwe.mitre.org/data/definitions/288.html"]}],"articles":[{"title":"Windows TCP/IP Security Feature Bypass Vulnerability","articleType":"100000000","description":"

Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

\n

An attacker who successfully exploited this vulnerability could bypass IPsec execution policy enforcement, allowing them to circumvent the rules and restrictions that govern how IPsec is applied. This could enable unauthorized or untrusted network communications to proceed without the intended security protections being enforced.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-35422","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a6c97ed0-d436-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00004f63d875","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-35421","cveTitle":"Windows GDI Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-35421","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35421","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows GDI","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"title":"Windows GDI Remote Code Execution Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

For this vulnerability to be exploited, a user would need to open or otherwise process a specially crafted Enhanced Metafile (EMF) file using Microsoft Paint. This action is necessary to trigger the affected graphics functionality in the Windows component.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-35421","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c64363bd-d336-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000b4ee30d3","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-35420","cveTitle":"Windows Kernel Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-35420","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35420","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Kernel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"title":"Windows Kernel Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-35420","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e2fdd4f9-d036-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00002808148b","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-35419","cveTitle":"Windows DWM Core Library Information Disclosure Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

\n","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"unformattedDescription":"Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.","mitreText":"CVE-2026-35419","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35419","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows DWM Core Library","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[{"title":"Windows DWM Core Library Information Disclosure Vulnerability","articleType":"100000000","description":"

Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-35419","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1267c085-d036-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00008d936ce8","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-35418","cveTitle":"Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free","CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html","cwe: CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition","cweUrl: https://cwe.mitre.org/data/definitions/367.html"],"unformattedDescription":"Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-35418","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35418","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Cloud Files Mini Filter Driver","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition","https://cwe.mitre.org/data/definitions/367.html"]}],"articles":[{"title":"Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-35418","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d8a07afa-cf36-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000f21ec545","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-35417","cveTitle":"Windows Win32k Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')"],"cweDetailsListForSearch":["cwe: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')","cweUrl: https://cwe.mitre.org/data/definitions/843.html"],"unformattedDescription":"Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-35417","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35417","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Win32K - ICOMP","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')","https://cwe.mitre.org/data/definitions/843.html"]}],"articles":[{"title":"Windows Win32K - ICOMP Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-35417","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"aa095397-cf36-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000057aa1da3","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-35416","cveTitle":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-35416","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35416","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Ancillary Function Driver for WinSock","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-35416","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"dfae074f-cf36-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000bc357600","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-35415","cveTitle":"Windows Storage Spaces Controller Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-190: Integer Overflow or Wraparound"],"cweDetailsListForSearch":["cwe: CWE-190: Integer Overflow or Wraparound","cweUrl: https://cwe.mitre.org/data/definitions/190.html"],"unformattedDescription":"Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-35415","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35415","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Storage Spaces Controller","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-190: Integer Overflow or Wraparound","https://cwe.mitre.org/data/definitions/190.html"]}],"articles":[{"title":"Windows Storage Spaces Controller Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-35415","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"84aef3a0-ce36-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00005c8bc64b","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-34351","cveTitle":"Windows TCP/IP Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-34351","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34351","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows TCP/IP","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"title":"Windows TCP/IP Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-34351","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4fac9133-ce36-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000f7ff6dee","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-34350","cveTitle":"Windows Storport Miniport Driver Denial of Service Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network.

\n","cweList":["CWE-476: NULL Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-476: NULL Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/476.html"],"unformattedDescription":"Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network.","mitreText":"CVE-2026-34350","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34350","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Storport Miniport Driver","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000001,"impact":"Denial of Service","langCode":"en-US","baseScore":"6.5","temporalScore":"5.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-476: NULL Pointer Dereference","https://cwe.mitre.org/data/definitions/476.html"]}],"articles":[{"title":"Windows Storport Miniport Driver Denial of Service Vulnerability","articleType":"100000000","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

To trigger this vulnerability, a user must actively connect to the affected server and run a specific command. The vulnerability cannot be triggered automatically or in the background; it only occurs when a user intentionally interacts with the server using this command.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-34350","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1668e919-cd36-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000b9cfd97b","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-34347","cveTitle":"Windows Win32k Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-34347","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34347","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Win32K - GRFX","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"title":"Windows Win32K - GRFX Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-34347","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"87bb27f0-c436-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000efb828c1","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-34345","cveTitle":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html","cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-34345","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34345","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Ancillary Function Driver for WinSock","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-34345","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"36668258-c436-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00008a2dd063","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-34344","cveTitle":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')"],"cweDetailsListForSearch":["cwe: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')","cweUrl: https://cwe.mitre.org/data/definitions/843.html"],"unformattedDescription":"Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-34344","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34344","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Ancillary Function Driver for WinSock","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')","https://cwe.mitre.org/data/definitions/843.html"]}],"articles":[{"title":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-34344","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a29a3717-c436-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000025a27706","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-34343","cveTitle":"Windows Application Identity (AppID) Subsystem Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-34343","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34343","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Application Identity (AppID) Subsystem","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"title":"Windows Application Identity (AppID) Subsystem Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-34343","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2ed41b02-bb36-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000c0161fa9","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-34342","cveTitle":"Windows Print Spooler Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-34342","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34342","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Print Spooler Components","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"title":"Windows Print Spooler Components Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could elevate from a low integrity level up to a medium integrity level.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-34342","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f3d97a7b-ba36-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000020a27706","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-34333","cveTitle":"Windows Win32k Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free","CWE-190: Integer Overflow or Wraparound"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html","cwe: CWE-190: Integer Overflow or Wraparound","cweUrl: https://cwe.mitre.org/data/definitions/190.html"],"unformattedDescription":"Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-34333","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34333","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Win32K - GRFX","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-190: Integer Overflow or Wraparound","https://cwe.mitre.org/data/definitions/190.html"]}],"articles":[{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"title":"Windows Win32K - GRFX Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-34333","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1b15c7e7-0f36-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000568bc64b","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-34331","cveTitle":"Win32k Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html","cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-34331","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34331","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Win32K - GRFX","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Win32K - GRFX Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-34331","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c4069c5f-0036-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000f1ff6dee","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-34330","cveTitle":"Win32k Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Integer overflow or wraparound in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-190: Integer Overflow or Wraparound","CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-190: Integer Overflow or Wraparound","cweUrl: https://cwe.mitre.org/data/definitions/190.html","cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Integer overflow or wraparound in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-34330","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34330","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Win32K - GRFX","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-190: Integer Overflow or Wraparound","https://cwe.mitre.org/data/definitions/190.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"title":"Windows Win32K - GRFX Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Integer overflow or wraparound in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-34330","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"60620bce-fe35-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00002d300261","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-34329","cveTitle":"Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.

\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.","mitreText":"CVE-2026-34329","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34329","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Message Queuing","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"title":"Windows Message Queuing Remote Code Execution Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An attacker could send a specially crafted message over the network to a system running the Windows Message Queuing (MSMQ) service. This message is processed by the MSMQ service and triggers a memory corruption condition, which could allow the attacker to run code on the affected system.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?

\n

This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-34329","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e8f5b04b-fd35-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000053c3e010","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-33841","cveTitle":"Windows Kernel Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-33841","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33841","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Kernel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited the vulnerability?

\n

An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained ("sandboxed") execution environment to a Medium Integrity Level or a High Integrity Level.

\n

Please refer to AppContainer isolation and Mandatory Integrity Control for more information.

\n","ordinal":10000},{"title":"Windows Kernel Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33841","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"48767046-eb34-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000b84e396e","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-33840","cveTitle":"Win32k Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-33840","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33840","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Win32K - ICOMP","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"title":"Windows Win32K - ICOMP Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33840","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cc763b2c-ea34-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000801ea5fb","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-33839","cveTitle":"Win32k Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-33839","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33839","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Win32K - GRFX","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"title":"Windows Win32K - GRFX Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33839","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"816b58ba-e934-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000517c9be3","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-33834","cveTitle":"Windows Event Logging Service Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-284: Improper Access Control"],"cweDetailsListForSearch":["cwe: CWE-284: Improper Access Control","cweUrl: https://cwe.mitre.org/data/definitions/284.html"],"unformattedDescription":"Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-33834","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33834","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Event Logging Service","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-284: Improper Access Control","https://cwe.mitre.org/data/definitions/284.html"]}],"articles":[{"title":"Windows Event Logging Service Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33834","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"87b242e9-dd34-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00004d924b17","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-33117","cveTitle":"Azure SDK for Java Security Feature Bypass Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

Improper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature over a network.

\n","cweList":["CWE-287: Improper Authentication","CWE-347: Improper Verification of Cryptographic Signature"],"cweDetailsListForSearch":["cwe: CWE-287: Improper Authentication","cweUrl: https://cwe.mitre.org/data/definitions/287.html","cwe: CWE-347: Improper Verification of Cryptographic Signature","cweUrl: https://cwe.mitre.org/data/definitions/347.html"],"unformattedDescription":"Improper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature over a network.","mitreText":"CVE-2026-33117","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33117","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Azure SDK","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"9.1","temporalScore":"7.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-287: Improper Authentication","https://cwe.mitre.org/data/definitions/287.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-347: Improper Verification of Cryptographic Signature","https://cwe.mitre.org/data/definitions/347.html"]}],"articles":[{"title":"Azure SDK Security Feature Bypass Vulnerability","articleType":"100000000","description":"

Improper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

\n

Successful exploitation of this vulnerability could allow an attacker to bypass the integrity protection provided by the authentication tag that is designed to detect tampering with encrypted data. This may prevent the system from identifying whether encrypted content has been modified before it is decrypted.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An attacker could exploit this vulnerability by sending specially crafted encrypted data to an affected application that uses the vulnerable decryption implementation and observing how the application responds. If the application is reachable over a network, this could allow the attacker to manipulate encrypted input in a way that bypasses integrity checks during decryption.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33117","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d6990b5d-c12e-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000017c99236","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-21530","cveTitle":"Windows Rich Text Edit Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T07:00:00-07:00","description":"

Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-415: Double Free"],"cweDetailsListForSearch":["cwe: CWE-415: Double Free","cweUrl: https://cwe.mitre.org/data/definitions/415.html"],"unformattedDescription":"Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-21530","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-21530","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Rich Text Edit","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"6.7","temporalScore":"5.8","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-415: Double Free","https://cwe.mitre.org/data/definitions/415.html"]}],"articles":[{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited the vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain administrator privileges.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"title":"Windows Rich Text Edit Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?

\n

An authorized attacker must send a victim a malicious and specially crafted file and convince them to open it.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-21530","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"50358290-ef1e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-21530","version":1.1,"revisionDate":"2026-05-15T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Updated Hotpatch links. This is in informational change only.

\n","unformattedDescription":"Updated Hotpatch links. This is in informational change only.","notificationNeeded":false,"notificationSent":false,"sourceId":"7cf5d2fc-7f50-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00006c924b17","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-32177","cveTitle":".NET Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-18T07:00:00-07:00","description":"

Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.

\n","cweList":["CWE-122: Heap-based Buffer Overflow","CWE-20: Improper Input Validation"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html","cwe: CWE-20: Improper Input Validation","cweUrl: https://cwe.mitre.org/data/definitions/20.html"],"unformattedDescription":"Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32177","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32177","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":".NET","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.3","temporalScore":"6.4","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-20: Improper Input Validation","https://cwe.mitre.org/data/definitions/20.html"]}],"articles":[{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain ELEVATED privileges.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and integrity (I:H), and some loss of availability (A:L). What does that mean for this vulnerability?

\n

An attacker who successfully exploited this vulnerability could view sensitive information (Confidentiality) and modify code in the repo, (Integrity), and they might be able to interfere with availability of the code (Availability).

\n","ordinal":10000},{"title":".NET Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

Exploitation of this vulnerability requires that a user trigger the payload in the application.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and integrity (I:H), and some loss of availability (A:L). What does that mean for this vulnerability?

\n

An attacker who successfully exploited this vulnerability could view sensitive information such as other user's credentials (Confidentiality) and make changes to file contents on the target server (Integrity), and they might be able to force a crash (Availability).

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32177","version":3,"revisionDate":"2026-05-18T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Update the Security Updates table to remove incorrectly added software

\n","unformattedDescription":"Update the Security Updates table to remove incorrectly added software","notificationNeeded":false,"notificationSent":false,"sourceId":"32d0014e-e252-f111-939d-000d3ac5fb71"},{"cveNumber":"CVE-2026-32177","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6f61d202-3e22-f111-93f8-000d3afbc7d7"},{"cveNumber":"CVE-2026-32177","version":2,"revisionDate":"2026-05-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

New .NET Framework Packages have been added

\n","unformattedDescription":"New .NET Framework Packages have been added","notificationNeeded":false,"notificationSent":false,"sourceId":"c98bbade-ad4f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00008d4c1716","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-32204","cveTitle":"Azure Monitor Agent Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"

External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-73: External Control of File Name or Path"],"cweDetailsListForSearch":["cwe: CWE-73: External Control of File Name or Path","cweUrl: https://cwe.mitre.org/data/definitions/73.html"],"unformattedDescription":"External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32204","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32204","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Azure Monitor Agent","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-73: External Control of File Name or Path","https://cwe.mitre.org/data/definitions/73.html"]}],"articles":[{"articleType":"FAQ","description":"

What privileges could an attacker gain with successful exploitation?

\n

An attacker who successfully exploited the vulnerability could elevate their privileges to 'root' user.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An attacker could send specially crafted configuration messages to a locally running Azure Monitor Agent service that does not strictly validate incoming requests. By doing so, the attacker may be able to write files on the affected system, which could then be used to run unauthorized code.

\n","ordinal":10000},{"title":"Azure Monitor Agent Elevation of Privilege Vulnerability","articleType":"100000000","description":"

External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32204","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3443b5bf-8c27-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000eba32489","releaseDate":"2026-05-11T07:00:00-07:00","cveNumber":"CVE-2026-42838","cveTitle":"Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-11T07:00:00-07:00","description":"

Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.

\n","cweList":["CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"],"cweDetailsListForSearch":["cwe: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')","cweUrl: https://cwe.mitre.org/data/definitions/74.html"],"unformattedDescription":"Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.","mitreText":"CVE-2026-42838","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42838","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000002,"severity":"Moderate","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"5.4","temporalScore":"4.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')","https://cwe.mitre.org/data/definitions/74.html"]}],"articles":[{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited the vulnerability?

\n

The attacker would gain the rights of the user that is running the affected application.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?

\n

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).

\n","ordinal":10000},{"title":"Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5505/11/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42838","version":1,"revisionDate":"2026-05-11T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"dd8d7c96-7849-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00001ed4b8fb","releaseDate":"2026-05-11T07:00:00-07:00","cveNumber":"CVE-2026-42891","cveTitle":"Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-11T07:00:00-07:00","description":"

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

\n","cweList":["CWE-451: User Interface (UI) Misrepresentation of Critical Information"],"cweDetailsListForSearch":["cwe: CWE-451: User Interface (UI) Misrepresentation of Critical Information","cweUrl: https://cwe.mitre.org/data/definitions/451.html"],"unformattedDescription":"User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-42891","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42891","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000002,"severity":"Moderate","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"6.5","temporalScore":"5.7","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-451: User Interface (UI) Misrepresentation of Critical Information","https://cwe.mitre.org/data/definitions/451.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and some loss of integrity (I:L), but no loss of availability (A:N). What does that mean for this vulnerability?

\n

An attacker who successfully exploited this vulnerability could view sensitive information, (Confidentiality), and make some changes to disclosed information (Integrity), but they would not be able to affect Availability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is the severity for this CVE rated as Moderate, but the CVSS score is higher than normal?

\n

Per our severity guidelines, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity, specifically it says, "If a bug requires more than a click, a key press, or several preconditions, the severity will be downgraded". The CVSS scoring system doesn't allow for this type of nuance.

\n","ordinal":10000},{"title":"Microsoft Edge (Chromium-based) Spoofing Vulnerability","articleType":"100000000","description":"

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5505/11/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42891","version":1,"revisionDate":"2026-05-11T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"616efc96-8b49-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000db50a9d3","releaseDate":"2026-05-11T07:00:00-07:00","cveNumber":"CVE-2026-7912","cveTitle":"Chromium: CVE-2026-7912 Integer overflow in GPU","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-11T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7912","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7912","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5505/11/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7912","version":1,"revisionDate":"2026-05-11T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"efc757a6-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000da50a9d3","releaseDate":"2026-05-11T07:00:00-07:00","cveNumber":"CVE-2026-7913","cveTitle":"Chromium: CVE-2026-7913 Insufficient policy enforcement in DevTools","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-11T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7913","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7913","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5505/11/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7913","version":1,"revisionDate":"2026-05-11T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"02c857a6-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000d850a9d3","releaseDate":"2026-05-11T07:00:00-07:00","cveNumber":"CVE-2026-7915","cveTitle":"Chromium: CVE-2026-7915 Insufficient data validation in DevTools","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-11T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7915","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7915","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5505/11/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7915","version":1,"revisionDate":"2026-05-11T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"114662ac-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000adae9fbb","releaseDate":"2026-05-11T07:00:00-07:00","cveNumber":"CVE-2026-7941","cveTitle":"Chromium: CVE-2026-7941 Insufficient validation of untrusted input in Mobile","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-11T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7941","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7941","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5505/11/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7941","version":1,"revisionDate":"2026-05-11T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"f33c67b8-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000b2f5e4e8","releaseDate":"2026-05-11T07:00:00-07:00","cveNumber":"CVE-2026-7993","cveTitle":"Chromium: CVE-2026-7993 Insufficient validation of untrusted input in Payments","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-11T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7993","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7993","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5505/11/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7993","version":1,"revisionDate":"2026-05-11T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"464b66d6-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000123af818","releaseDate":"2026-05-11T07:00:00-07:00","cveNumber":"CVE-2026-7931","cveTitle":"Chromium: CVE-2026-7931 Insufficient validation of untrusted input in iOS","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-11T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7931","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7931","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5505/11/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7931","version":1,"revisionDate":"2026-05-11T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"92da62b2-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00002708148b","releaseDate":"2026-05-11T07:00:00-07:00","cveNumber":"CVE-2026-35429","cveTitle":"Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-11T07:00:00-07:00","description":"

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.

\n","cweList":["CWE-451: User Interface (UI) Misrepresentation of Critical Information"],"cweDetailsListForSearch":["cwe: CWE-451: User Interface (UI) Misrepresentation of Critical Information","cweUrl: https://cwe.mitre.org/data/definitions/451.html"],"unformattedDescription":"User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-35429","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35429","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge for Android","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000002,"severity":"Moderate","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"4.3","temporalScore":"3.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-451: User Interface (UI) Misrepresentation of Critical Information","https://cwe.mitre.org/data/definitions/451.html"]}],"articles":[{"title":"Microsoft Edge for Android Spoofing Vulnerability","articleType":"100000000","description":"

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability via the Network?

\n

An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?

\n

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5505/11/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-35429","version":1,"revisionDate":"2026-05-11T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"fdfddef9-4c38-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000756d1bf0","releaseDate":"2026-05-11T07:00:00-07:00","cveNumber":"CVE-2026-40416","cveTitle":"Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-11T07:00:00-07:00","description":"

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

\n","cweList":["CWE-451: User Interface (UI) Misrepresentation of Critical Information"],"cweDetailsListForSearch":["cwe: CWE-451: User Interface (UI) Misrepresentation of Critical Information","cweUrl: https://cwe.mitre.org/data/definitions/451.html"],"unformattedDescription":"User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-40416","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40416","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000003,"severity":"Low","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"4.3","temporalScore":"3.8","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-451: User Interface (UI) Misrepresentation of Critical Information","https://cwe.mitre.org/data/definitions/451.html"]}],"articles":[{"articleType":"FAQ","description":"

What is the impact of this vulnerability?

\n

When shortening RTL characters in domains, edge will display the wrong part of the domain in the omnibox.

\n","ordinal":10000},{"title":"Microsoft Edge (Chromium-based) Spoofing Vulnerability","articleType":"100000000","description":"

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5505/11/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40416","version":1,"revisionDate":"2026-05-11T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"0f64e971-763e-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000021383328","releaseDate":"2026-05-11T07:00:00-07:00","cveNumber":"CVE-2026-41107","cveTitle":"Microsoft Edge (Chromium-based) Information Disclosure Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-11T07:00:00-07:00","description":"

External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

\n","cweList":["CWE-73: External Control of File Name or Path"],"cweDetailsListForSearch":["cwe: CWE-73: External Control of File Name or Path","cweUrl: https://cwe.mitre.org/data/definitions/73.html"],"unformattedDescription":"External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.","mitreText":"CVE-2026-41107","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41107","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000002,"severity":"Moderate","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"7.4","temporalScore":"6.4","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-73: External Control of File Name or Path","https://cwe.mitre.org/data/definitions/73.html"]}],"articles":[{"title":"Microsoft Edge (Chromium-based) Information Disclosure Vulnerability","articleType":"100000000","description":"

External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

The type of information that could be disclosed if an attacker successfully exploited this vulnerability by bypassing a security feature that is built in to prevent cookies from being read is cookies data and cached sessions. By reading a session cookie, an attacker would be able to sign into the victim\u2019s accounts on a different computer.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

An attacker must send a user a malicious Office file and convince them to open it.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

This vulnerability could lead to a browser sandbox escape.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5505/11/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-41107","version":1,"revisionDate":"2026-05-11T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"cb45fa5e-5d43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000cff5e4e8","releaseDate":"2026-05-11T07:00:00-07:00","cveNumber":"CVE-2026-7897","cveTitle":"Chromium: CVE-2026-7897 Use after free in Mobile","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-11T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7897","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7897","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5505/11/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7897","version":1,"revisionDate":"2026-05-11T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"36bb58a0-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00003ddc0131","releaseDate":"2026-05-11T07:00:00-07:00","cveNumber":"CVE-2026-7905","cveTitle":"Chromium: CVE-2026-7905 Insufficient validation of untrusted input in Media","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-11T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7905","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7905","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5505/11/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7905","version":1,"revisionDate":"2026-05-11T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"6dc757a6-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00002845a0c3","releaseDate":"2026-05-11T07:00:00-07:00","cveNumber":"CVE-2026-8020","cveTitle":"Chromium: CVE-2026-8020 Uninitialized Use in GPU","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-11T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-8020","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8020","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5505/11/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8020","version":1,"revisionDate":"2026-05-11T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"33c568e8-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000054286c69","releaseDate":"2026-05-10T01:03:25-07:00","cveNumber":"CVE-2026-33079","cveTitle":"Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titles","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T14:41:41-07:00","cweList":["CWE-1333: Inefficient Regular Expression Complexity"],"cweDetailsListForSearch":["cwe: CWE-1333: Inefficient Regular Expression Complexity","cweUrl: https://cwe.mitre.org/data/definitions/1333.html"],"mitreText":"CVE-2026-33079","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33079","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-1333: Inefficient Regular Expression Complexity","https://cwe.mitre.org/data/definitions/1333.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-33079","version":1,"revisionDate":"2026-05-10T01:03:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a1ed5a0c-0c4c-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33079","version":3,"revisionDate":"2026-05-15T14:41:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"67bee92d-6c50-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33079","version":2,"revisionDate":"2026-05-11T14:47:13-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"496c084c-484d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00004f7c9be3","releaseDate":"2026-05-10T01:02:06-07:00","cveNumber":"CVE-2026-33814","cveTitle":"Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-19T01:43:03-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-33814","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33814","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Go","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.5","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"CISA ADP","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-33814","version":1,"revisionDate":"2026-05-10T01:02:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8865c4d9-0b4c-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33814","version":3,"revisionDate":"2026-05-13T01:03:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c8880797-674e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33814","version":4,"revisionDate":"2026-05-14T14:39:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"20be4eac-a24f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33814","version":7,"revisionDate":"2026-05-19T01:43:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"271ab30e-2453-f111-939d-000d3ac5fb71"},{"cveNumber":"CVE-2026-33814","version":2,"revisionDate":"2026-05-11T14:44:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8506d7ed-474d-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-33814","version":5,"revisionDate":"2026-05-15T01:42:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b9c11c4d-ff4f-f111-93fb-000d3afbc7d7"},{"cveNumber":"CVE-2026-33814","version":6,"revisionDate":"2026-05-16T14:38:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"24a54ff8-3451-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00006b2f8d8b","releaseDate":"2026-05-10T01:01:50-07:00","cveNumber":"CVE-2026-44656","cveTitle":"Vim: OS Command Injection via 'path' completion","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-13T01:43:11-07:00","cweList":["CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"],"cweDetailsListForSearch":["cwe: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","cweUrl: https://cwe.mitre.org/data/definitions/78.html"],"mitreText":"CVE-2026-44656","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-44656","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","https://cwe.mitre.org/data/definitions/78.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-44656","version":1,"revisionDate":"2026-05-10T01:01:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"598b99d3-0b4c-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-44656","version":3,"revisionDate":"2026-05-13T01:43:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"355f2e1a-6d4e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-44656","version":2,"revisionDate":"2026-05-11T14:44:08-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d28eb7df-474d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000c9d93c40","releaseDate":"2026-05-10T01:01:44-07:00","cveNumber":"CVE-2026-45130","cveTitle":"Vim: Heap Buffer Overflow in spell file loading","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-13T01:43:04-07:00","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"mitreText":"CVE-2026-45130","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45130","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.6","temporalScore":"6.6","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-45130","version":1,"revisionDate":"2026-05-10T01:01:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"126401cd-0b4c-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-45130","version":3,"revisionDate":"2026-05-13T01:43:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b98ac013-6d4e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-45130","version":2,"revisionDate":"2026-05-11T14:43:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b798ffd8-474d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00008679a74e","releaseDate":"2026-05-10T01:01:38-07:00","cveNumber":"CVE-2026-6666","cveTitle":"PgBouncer crash in kill_pool_logins_server_error","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-13T01:42:57-07:00","cweList":["CWE-476: NULL Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-476: NULL Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/476.html"],"mitreText":"CVE-2026-6666","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6666","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"PostgreSQL","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"5.9","temporalScore":"5.9","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"PostgreSQL","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-476: NULL Pointer Dereference","https://cwe.mitre.org/data/definitions/476.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-6666","version":1,"revisionDate":"2026-05-10T01:01:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8e90dcc6-0b4c-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-6666","version":2,"revisionDate":"2026-05-11T14:43:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"584b75d2-474d-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-6666","version":3,"revisionDate":"2026-05-13T01:42:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"83b83910-6d4e-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00008779a74e","releaseDate":"2026-05-10T01:01:32-07:00","cveNumber":"CVE-2026-6667","cveTitle":"PgBouncer missing authorization check in KILL_CLIENT admin command","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-13T01:42:50-07:00","cweList":["CWE-862: Missing Authorization"],"cweDetailsListForSearch":["cwe: CWE-862: Missing Authorization","cweUrl: https://cwe.mitre.org/data/definitions/862.html"],"mitreText":"CVE-2026-6667","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6667","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"PostgreSQL","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.3","temporalScore":"4.3","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","vectorStringSource":"PostgreSQL","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-862: Missing Authorization","https://cwe.mitre.org/data/definitions/862.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-6667","version":1,"revisionDate":"2026-05-10T01:01:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7e90dcc6-0b4c-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-6667","version":2,"revisionDate":"2026-05-11T14:43:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"722381cb-474d-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-6667","version":3,"revisionDate":"2026-05-13T01:42:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"04bfbe0b-6d4e-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00008579a74e","releaseDate":"2026-05-10T01:01:27-07:00","cveNumber":"CVE-2026-6665","cveTitle":"PgBouncer buffer overflow in SCRAM","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-13T01:42:44-07:00","cweList":["CWE-121: Stack-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-121: Stack-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/121.html"],"mitreText":"CVE-2026-6665","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6665","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"PostgreSQL","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"8.1","temporalScore":"8.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","vectorStringSource":"PostgreSQL","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-121: Stack-based Buffer Overflow","https://cwe.mitre.org/data/definitions/121.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-6665","version":1,"revisionDate":"2026-05-10T01:01:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"75d1c4c0-0b4c-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-6665","version":2,"revisionDate":"2026-05-11T14:43:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3550d4c2-474d-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-6665","version":3,"revisionDate":"2026-05-13T01:42:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1b4cd809-6d4e-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00008479a74e","releaseDate":"2026-05-10T01:01:21-07:00","cveNumber":"CVE-2026-6664","cveTitle":"PgBouncer integer overflow in PgBouncer network packet parsing","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-13T01:42:37-07:00","cweList":["CWE-190: Integer Overflow or Wraparound"],"cweDetailsListForSearch":["cwe: CWE-190: Integer Overflow or Wraparound","cweUrl: https://cwe.mitre.org/data/definitions/190.html"],"mitreText":"CVE-2026-6664","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6664","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"PostgreSQL","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.5","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"PostgreSQL","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-190: Integer Overflow or Wraparound","https://cwe.mitre.org/data/definitions/190.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-6664","version":1,"revisionDate":"2026-05-10T01:01:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6ad1c4c0-0b4c-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-6664","version":2,"revisionDate":"2026-05-11T14:43:13-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"47b5f1be-474d-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-6664","version":3,"revisionDate":"2026-05-13T01:42:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"64cdb303-6d4e-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000e76e4c66","releaseDate":"2026-05-09T01:03:53-07:00","cveNumber":"CVE-2026-43398","cveTitle":"drm/amdgpu: add upper bound check on user inputs in wait ioctl","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-11T01:51:52-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-43398","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-43398","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-43398","version":1,"revisionDate":"2026-05-09T01:03:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d36058ee-424b-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-43398","version":2,"revisionDate":"2026-05-11T01:51:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4b05ddf7-db4c-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000000e2d237","releaseDate":"2026-05-09T01:03:47-07:00","cveNumber":"CVE-2026-43292","cveTitle":"mm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_node","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-11T01:51:43-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-43292","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-43292","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-43292","version":2,"revisionDate":"2026-05-11T01:51:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"70685af3-db4c-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-43292","version":1,"revisionDate":"2026-05-09T01:03:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c76058ee-424b-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b52808c0","releaseDate":"2026-05-09T01:03:25-07:00","cveNumber":"CVE-2026-43400","cveTitle":"drm/amdgpu: add upper bound check on user inputs in signal ioctl","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-11T01:51:07-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-43400","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-43400","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-43400","version":2,"revisionDate":"2026-05-11T01:51:07-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"05784adf-db4c-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-43400","version":1,"revisionDate":"2026-05-09T01:03:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"875b6fdf-424b-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00001f11567e","releaseDate":"2026-05-09T01:03:08-07:00","cveNumber":"CVE-2026-43305","cveTitle":"drm/amd/display: Fix mismatched unlock for DMUB HW lock in HWSS fast path","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-11T01:50:40-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-43305","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-43305","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-43305","version":1,"revisionDate":"2026-05-09T01:03:08-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"485983d7-424b-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-43305","version":2,"revisionDate":"2026-05-11T01:50:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"dc1986cf-db4c-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b53eb8f3","releaseDate":"2026-05-09T01:02:57-07:00","cveNumber":"CVE-2026-43321","cveTitle":"bpf: Properly mark live registers for indirect jumps","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-11T14:42:00-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-43321","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-43321","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-43321","version":2,"revisionDate":"2026-05-11T01:50:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4ebadcc4-db4c-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-43321","version":2.1,"revisionDate":"2026-05-11T14:42:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d45d3690-474d-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-43321","version":1,"revisionDate":"2026-05-09T01:02:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"30c865d1-424b-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000ba85fd20","releaseDate":"2026-05-09T01:02:24-07:00","cveNumber":"CVE-2026-43306","cveTitle":"bpf: crypto: Use the correct destructor kfunc type","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-11T01:49:37-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-43306","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-43306","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-43306","version":1,"revisionDate":"2026-05-09T01:02:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e8e468bc-424b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-43306","version":2,"revisionDate":"2026-05-11T01:49:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1a210daa-db4c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00001aca1051","releaseDate":"2026-05-09T01:02:18-07:00","cveNumber":"CVE-2026-43320","cveTitle":"drm/amd/display: Fix dsc eDP issue","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-11T01:49:27-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-43320","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-43320","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-43320","version":1,"revisionDate":"2026-05-09T01:02:18-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ef21a8b5-424b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-43320","version":2,"revisionDate":"2026-05-11T01:49:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c212ada2-db4c-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000018ca1051","releaseDate":"2026-05-09T01:02:07-07:00","cveNumber":"CVE-2026-43300","cveTitle":"drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove()","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-11T01:49:15-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-43300","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-43300","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-43300","version":2,"revisionDate":"2026-05-11T01:49:15-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3322c69d-db4c-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-43300","version":1,"revisionDate":"2026-05-09T01:02:07-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"708025af-424b-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000037cb217d","releaseDate":"2026-05-09T01:01:56-07:00","cveNumber":"CVE-2026-43284","cveTitle":"xfrm: esp: avoid in-place decrypt on shared skb frags","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-11T01:48:56-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-43284","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-43284","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-43284","version":1,"revisionDate":"2026-05-09T01:01:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1079ffa7-424b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-43284","version":2,"revisionDate":"2026-05-11T01:48:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"79012c91-db4c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00006968582a","releaseDate":"2026-05-09T01:01:50-07:00","cveNumber":"CVE-2025-71299","cveTitle":"spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-11T01:48:46-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2025-71299","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2025-71299","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2025-71299","version":2,"revisionDate":"2026-05-11T01:48:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"54e3248b-db4c-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2025-71299","version":1,"revisionDate":"2026-05-09T01:01:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"198438a5-424b-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000030405aaf","releaseDate":"2026-05-09T01:01:28-07:00","cveNumber":"CVE-2025-71302","cveTitle":"drm/panthor: fix for dma-fence safe access rules","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-11T01:48:12-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2025-71302","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2025-71302","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2025-71302","version":1,"revisionDate":"2026-05-09T01:01:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"87101d99-424b-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2025-71302","version":2,"revisionDate":"2026-05-11T01:48:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0a1fa776-db4c-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000046566a35","releaseDate":"2026-05-09T01:01:17-07:00","cveNumber":"CVE-2026-43474","cveTitle":"fs: init flags_valid before calling vfs_fileattr_get","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-11T01:47:52-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-43474","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-43474","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-43474","version":1,"revisionDate":"2026-05-09T01:01:17-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"493aaf94-424b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-43474","version":2,"revisionDate":"2026-05-11T01:47:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"63809e69-db4c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000cef5e4e8","releaseDate":"2026-05-07T07:00:11-07:00","cveNumber":"CVE-2026-7896","cveTitle":"Chromium: CVE-2026-7896 Integer overflow in Blink","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:11-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7896","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7896","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7896","version":1,"revisionDate":"2026-05-07T07:00:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"24bb58a0-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000059c3e010","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-33821","cveTitle":"Microsoft Dynamics 365 Customer Insights Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.

\n","cweList":["CWE-269: Improper Privilege Management"],"cweDetailsListForSearch":["cwe: CWE-269: Improper Privilege Management","cweUrl: https://cwe.mitre.org/data/definitions/269.html"],"unformattedDescription":"Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.","mitreText":"CVE-2026-33821","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33821","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":4,"latestSoftwareRelease":"N/A","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Dynamics 365 Customer Insights","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.7","temporalScore":"6.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-269: Improper Privilege Management","https://cwe.mitre.org/data/definitions/269.html"]}],"articles":[{"title":"Microsoft Dynamics 365 Customer Insights Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?

\n

This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.

\n

Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33821","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"da15cd13-c92e-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000e550a9d3","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7918","cveTitle":"Chromium: CVE-2026-7918 Use after free in GPU","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7918","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7918","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7918","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"494662ac-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000e450a9d3","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7919","cveTitle":"Chromium: CVE-2026-7919 Use after free in Aura","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7919","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7919","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7919","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"5d4662ac-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000078c55076","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7920","cveTitle":"Chromium: CVE-2026-7920 Use after free in Skia","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7920","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7920","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7920","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"704662ac-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000075c55076","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7923","cveTitle":"Chromium: CVE-2026-7923 Out of bounds write in Skia","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7923","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7923","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7923","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"a84662ac-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000077c55076","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7921","cveTitle":"Chromium: CVE-2026-7921 Use after free in Passwords","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7921","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7921","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7921","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"824662ac-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00007d0c96a3","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7972","cveTitle":"Chromium: CVE-2026-7972 Uninitialized Use in GPU","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7972","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7972","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7972","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"0dc66cca-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00007c0c96a3","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7973","cveTitle":"Chromium: CVE-2026-7973 Integer overflow in Dawn","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7973","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7973","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7973","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"23c66cca-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00007b0c96a3","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7974","cveTitle":"Chromium: CVE-2026-7974 Use after free in Blink","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7974","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7974","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7974","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"39c66cca-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00007a0c96a3","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7975","cveTitle":"Chromium: CVE-2026-7975 Use after free in DevTools","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7975","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7975","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7975","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"4fc66cca-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000790c96a3","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7976","cveTitle":"Chromium: CVE-2026-7976 Use after free in Views","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7976","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7976","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7976","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"68c66cca-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000f831afe3","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-42826","cveTitle":"Azure DevOps Information Disclosure Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network.

\n","cweList":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"],"cweDetailsListForSearch":["cwe: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","cweUrl: https://cwe.mitre.org/data/definitions/200.html"],"unformattedDescription":"Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network.","mitreText":"CVE-2026-42826","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42826","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":4,"latestSoftwareRelease":"N/A","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Azure DevOps","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"10.0","temporalScore":"8.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","https://cwe.mitre.org/data/definitions/200.html"]}],"articles":[{"title":"Azure DevOps Information Disclosure Vulnerability","articleType":"100000000","description":"

Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?

\n

This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.

\n

Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42826","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"50673a8b-df47-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00008c936ce8","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-35428","cveTitle":"Azure Cloud Shell Spoofing Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.

\n","cweList":["CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"],"cweDetailsListForSearch":["cwe: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')","cweUrl: https://cwe.mitre.org/data/definitions/77.html"],"unformattedDescription":"Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-35428","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35428","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":4,"latestSoftwareRelease":"N/A","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Azure Cloud Shell","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"9.6","temporalScore":"8.3","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')","https://cwe.mitre.org/data/definitions/77.html"]}],"articles":[{"title":"Azure Cloud Shell Spoofing Vulnerability","articleType":"100000000","description":"

Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?

\n

This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.

\n

Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-35428","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"32919614-0138-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000ba357600","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-35435","cveTitle":"Azure AI Foundry Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.

\n","cweList":["CWE-284: Improper Access Control"],"cweDetailsListForSearch":["cwe: CWE-284: Improper Access Control","cweUrl: https://cwe.mitre.org/data/definitions/284.html"],"unformattedDescription":"Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.","mitreText":"CVE-2026-35435","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35435","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Azure AI Foundry M365 published agents","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"8.6","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-284: Improper Access Control","https://cwe.mitre.org/data/definitions/284.html"]}],"articles":[{"title":"Azure AI Foundry M365 published agents Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?

\n

This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.

\n

Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-35435","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"b2a4890d-2539-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b3cfd97b","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-34327","cveTitle":"Microsoft Partner Center Spoofing Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.

\n","cweList":["CWE-610: Externally Controlled Reference to a Resource in Another Sphere"],"cweDetailsListForSearch":["cwe: CWE-610: Externally Controlled Reference to a Resource in Another Sphere","cweUrl: https://cwe.mitre.org/data/definitions/610.html"],"unformattedDescription":"Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-34327","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34327","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":4,"latestSoftwareRelease":"N/A","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Partner Center","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"8.2","temporalScore":"7.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-610: Externally Controlled Reference to a Resource in Another Sphere","https://cwe.mitre.org/data/definitions/610.html"]}],"articles":[{"title":"Microsoft Partner Center Spoofing Vulnerability","articleType":"100000000","description":"

Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?

\n

This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.

\n

Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-34327","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"c00c4c58-5c35-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00004c7c9be3","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-33844","cveTitle":"Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.

\n","cweList":["CWE-20: Improper Input Validation"],"cweDetailsListForSearch":["cwe: CWE-20: Improper Input Validation","cweUrl: https://cwe.mitre.org/data/definitions/20.html"],"unformattedDescription":"Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.","mitreText":"CVE-2026-33844","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33844","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":4,"latestSoftwareRelease":"N/A","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Azure Managed Instance for Apache Cassandra","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"9.0","temporalScore":"7.8","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-20: Improper Input Validation","https://cwe.mitre.org/data/definitions/20.html"]}],"articles":[{"articleType":"FAQ","description":"

Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?

\n

This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.

\n

Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

\n","ordinal":10000},{"title":"Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability","articleType":"100000000","description":"

Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.

\n","ordinal":10000},{"title":"Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability","articleType":"100000000","description":"

Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33844","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"7b7ee98b-1b35-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00008fac2f56","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-33823","cveTitle":"Microsoft Team Events Portal Information Disclosure Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.

\n","cweList":["CWE-285: Improper Authorization"],"cweDetailsListForSearch":["cwe: CWE-285: Improper Authorization","cweUrl: https://cwe.mitre.org/data/definitions/285.html"],"unformattedDescription":"Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.","mitreText":"CVE-2026-33823","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33823","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":4,"latestSoftwareRelease":"N/A","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Teams","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"9.6","temporalScore":"8.3","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-285: Improper Authorization","https://cwe.mitre.org/data/definitions/285.html"]}],"articles":[{"title":"Microsoft Teams Information Disclosure Vulnerability","articleType":"100000000","description":"

Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?

\n

This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.

\n

Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33823","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"45af608b-9e2f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000f2d76f73","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-32207","cveTitle":"Azure Machine Learning Notebook Spoofing Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.

\n","cweList":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"cweDetailsListForSearch":["cwe: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweUrl: https://cwe.mitre.org/data/definitions/79.html"],"unformattedDescription":"Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-32207","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32207","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Azure Machine Learning","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","https://cwe.mitre.org/data/definitions/79.html"]}],"articles":[{"title":"No action CVE holding pen","articleType":"ReleaseNote","description":"

No action CVE holding pen

\n","ordinal":10000},{"articleType":"FAQ","description":"

Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?

\n

This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.

\n

Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

\n","ordinal":10000},{"title":"Azure Machine Learning Spoofing Vulnerability","articleType":"100000000","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32207","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"428948b5-5928-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000e7e3f308","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-40379","cveTitle":"Azure Entra ID Spoofing Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T07:00:00-07:00","description":"

Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network.

\n","cweList":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"],"cweDetailsListForSearch":["cwe: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","cweUrl: https://cwe.mitre.org/data/definitions/200.html"],"unformattedDescription":"Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-40379","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40379","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":4,"latestSoftwareRelease":"N/A","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Azure Entra ID","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"9.3","temporalScore":"8.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","https://cwe.mitre.org/data/definitions/200.html"]}],"articles":[{"articleType":"FAQ","description":"

Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?

\n

This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.

\n

Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

\n","ordinal":10000},{"title":"Azure Entra ID Spoofing Vulnerability","articleType":"100000000","description":"

Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40379","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"bfc03a2b-b13a-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-40379","version":1.1,"revisionDate":"2026-05-15T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Corrected CVE title. This is an informational change only.

\n","unformattedDescription":"Corrected CVE title. This is an informational change only.","notificationNeeded":false,"notificationSent":false,"sourceId":"1d1655b5-6150-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00005c20d671","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-33109","cveTitle":"Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.

\n","cweList":["CWE-284: Improper Access Control"],"cweDetailsListForSearch":["cwe: CWE-284: Improper Access Control","cweUrl: https://cwe.mitre.org/data/definitions/284.html"],"unformattedDescription":"Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.","mitreText":"CVE-2026-33109","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33109","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":4,"latestSoftwareRelease":"N/A","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Azure Managed Instance for Apache Cassandra","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"9.9","temporalScore":"8.6","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-284: Improper Access Control","https://cwe.mitre.org/data/definitions/284.html"]}],"articles":[{"title":"Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability","articleType":"100000000","description":"

Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?

\n

This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.

\n

Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33109","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"b596624e-382d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000837b9a5c","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-33111","cveTitle":"Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.

\n","cweList":["CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"],"cweDetailsListForSearch":["cwe: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')","cweUrl: https://cwe.mitre.org/data/definitions/77.html"],"unformattedDescription":"Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.","mitreText":"CVE-2026-33111","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33111","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Copilot Chat (Microsoft Edge)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"7.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')","https://cwe.mitre.org/data/definitions/77.html"]}],"articles":[{"title":"Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability","articleType":"100000000","description":"

Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?

\n

This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.

\n

Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

\n","ordinal":10000},{"title":"Microsoft Edge (Chromium-based) Information Disclosure Vulnerability","articleType":"100000000","description":"

Improper neutralization of special elements used in a command ('command injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33111","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"06c4fdf8-3d2d-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00005721826d","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-41105","cveTitle":"Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network.

\n","cweList":["CWE-918: Server-Side Request Forgery (SSRF)"],"cweDetailsListForSearch":["cwe: CWE-918: Server-Side Request Forgery (SSRF)","cweUrl: https://cwe.mitre.org/data/definitions/918.html"],"unformattedDescription":"Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network.","mitreText":"CVE-2026-41105","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41105","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":4,"latestSoftwareRelease":"N/A","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Azure Notification Service","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"8.1","temporalScore":"7.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-918: Server-Side Request Forgery (SSRF)","https://cwe.mitre.org/data/definitions/918.html"]}],"articles":[{"articleType":"FAQ","description":"

Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?

\n

This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.

\n

Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

\n","ordinal":10000},{"title":"Azure Notification Service Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-41105","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"51a86de0-3743-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000dcf5e4e8","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7898","cveTitle":"Chromium: CVE-2026-7898 Use after free in Chromoting","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7898","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7898","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7898","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"49bb58a0-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000ddf5e4e8","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7899","cveTitle":"Chromium: CVE-2026-7899 Out of bounds read and write in V8","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7899","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7899","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7899","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"5bbb58a0-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000042dc0131","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7900","cveTitle":"Chromium: CVE-2026-7900 Heap buffer overflow in ANGLE","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7900","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7900","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7900","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"6dbb58a0-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000041dc0131","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7901","cveTitle":"Chromium: CVE-2026-7901 Use after free in ANGLE","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7901","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7901","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7901","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"7fbb58a0-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000040dc0131","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7902","cveTitle":"Chromium: CVE-2026-7902 Out of bounds memory access in V8","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7902","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7902","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7902","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"91bb58a0-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00003edc0131","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7904","cveTitle":"Chromium: CVE-2026-7904 Out of bounds read in Fonts","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7904","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7904","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7904","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"b7bb58a0-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00003fdc0131","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7903","cveTitle":"Chromium: CVE-2026-7903 Integer overflow in ANGLE","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7903","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7903","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7903","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"a3bb58a0-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00003cdc0131","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7906","cveTitle":"Chromium: CVE-2026-7906 Use after free in SVG","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7906","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7906","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7906","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"7fc757a6-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00003bdc0131","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7907","cveTitle":"Chromium: CVE-2026-7907 Use after free in DOM","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7907","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7907","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7907","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"91c757a6-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00004adc0131","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7908","cveTitle":"Chromium: CVE-2026-7908 Use after free in Fullscreen","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7908","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7908","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7908","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"a3c757a6-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000049dc0131","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7909","cveTitle":"Chromium: CVE-2026-7909 Inappropriate implementation in ServiceWorker","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7909","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7909","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7909","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"b8c757a6-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000dc50a9d3","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7911","cveTitle":"Chromium: CVE-2026-7911 Use after free in Aura","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7911","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7911","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7911","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"ddc757a6-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000dd50a9d3","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7910","cveTitle":"Chromium: CVE-2026-7910 Use after free in Views","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7910","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7910","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7910","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"cac757a6-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000d950a9d3","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7914","cveTitle":"Chromium: CVE-2026-7914 Type Confusion in Accessibility","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7914","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7914","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7914","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"16c857a6-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000d650a9d3","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7917","cveTitle":"Chromium: CVE-2026-7917 Use after free in Fullscreen","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7917","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7917","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7917","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"364662ac-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000d750a9d3","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7916","cveTitle":"Chromium: CVE-2026-7916 Insufficient data validation in InterestGroups","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7916","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7916","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7916","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"244662ac-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000074c55076","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7924","cveTitle":"Chromium: CVE-2026-7924 Uninitialized Use in Dawn","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7924","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7924","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7924","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"c04662ac-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000076c55076","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7922","cveTitle":"Chromium: CVE-2026-7922 Use after free in ServiceWorker","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7922","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7922","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7922","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"954662ac-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000073c55076","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7925","cveTitle":"Chromium: CVE-2026-7925 Use after free in Chromoting","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7925","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7925","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7925","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"d74662ac-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000071c55076","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7927","cveTitle":"Chromium: CVE-2026-7927 Type Confusion in Runtime","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7927","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7927","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7927","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"37da62b2-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000072c55076","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7926","cveTitle":"Chromium: CVE-2026-7926 Use after free in PresentationAPI","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7926","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7926","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7926","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"21da62b2-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000080c55076","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7928","cveTitle":"Chromium: CVE-2026-7928 Use after free in WebRTC","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7928","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7928","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7928","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"4dda62b2-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000133af818","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7930","cveTitle":"Chromium: CVE-2026-7930 Insufficient validation of untrusted input in Cookies","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7930","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7930","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7930","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"7cda62b2-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00007fc55076","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7929","cveTitle":"Chromium: CVE-2026-7929 Use after free in MediaRecording","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7929","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7929","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7929","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"65da62b2-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000113af818","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7932","cveTitle":"Chromium: CVE-2026-7932 Insufficient policy enforcement in Downloads","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7932","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7932","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7932","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"a8da62b2-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000103af818","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7933","cveTitle":"Chromium: CVE-2026-7933 Out of bounds read in WebCodecs","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7933","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7933","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7933","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"bfda62b2-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00000d3af818","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7936","cveTitle":"Chromium: CVE-2026-7936 Object lifecycle issue in V8","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7936","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7936","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7936","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"853c67b8-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00000e3af818","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7935","cveTitle":"Chromium: CVE-2026-7935 Inappropriate implementation in Speech","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7935","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7935","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7935","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"eeda62b2-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00000f3af818","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7934","cveTitle":"Chromium: CVE-2026-7934 Insufficient validation of untrusted input in Popup Blocker","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7934","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7934","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7934","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"d6da62b2-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00000c3af818","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7937","cveTitle":"Chromium: CVE-2026-7937 Insufficient policy enforcement in DevTools","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7937","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7937","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7937","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"9b3c67b8-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00001a3af818","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7939","cveTitle":"Chromium: CVE-2026-7939 Inappropriate implementation in SanitizerAPI","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7939","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7939","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7939","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"c83c67b8-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00001b3af818","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7938","cveTitle":"Chromium: CVE-2026-7938 Use after free in CSS","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7938","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7938","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7938","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"b13c67b8-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000aeae9fbb","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7940","cveTitle":"Chromium: CVE-2026-7940 Use after free in V8","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7940","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7940","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7940","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"e13c67b8-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000acae9fbb","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7942","cveTitle":"Chromium: CVE-2026-7942 Integer overflow in ANGLE","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7942","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7942","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7942","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"053d67b8-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000abae9fbb","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7943","cveTitle":"Chromium: CVE-2026-7943 Insufficient validation of untrusted input in ANGLE","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7943","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7943","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7943","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"173d67b8-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000aaae9fbb","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7944","cveTitle":"Chromium: CVE-2026-7944 Insufficient validation of untrusted input in Persistent Cache","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7944","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7944","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7944","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"293d67b8-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000a9ae9fbb","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7945","cveTitle":"Chromium: CVE-2026-7945 Insufficient validation of untrusted input in COOP","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7945","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7945","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7945","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"433d67b8-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000b6ae9fbb","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7948","cveTitle":"Chromium: CVE-2026-7948 Race in Chromoting","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7948","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7948","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7948","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"a3f870be-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000a8ae9fbb","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7946","cveTitle":"Chromium: CVE-2026-7946 Insufficient policy enforcement in WebUI","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7946","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7946","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7946","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"7bf870be-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000a7ae9fbb","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7947","cveTitle":"Chromium: CVE-2026-7947 Insufficient validation of untrusted input in Network","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7947","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7947","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7947","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"8ff870be-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000b5ae9fbb","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7949","cveTitle":"Chromium: CVE-2026-7949 Out of bounds read in Skia","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7949","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7949","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7949","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"b6f870be-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00004923475e","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7950","cveTitle":"Chromium: CVE-2026-7950 Out of bounds read and write in GFX","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7950","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7950","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7950","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"ccf870be-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00004823475e","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7951","cveTitle":"Chromium: CVE-2026-7951 Out of bounds write in WebRTC","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7951","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7951","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7951","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"e0f870be-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00004723475e","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7952","cveTitle":"Chromium: CVE-2026-7952 Insufficient policy enforcement in Extensions","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7952","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7952","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7952","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"f4f870be-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00004623475e","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7953","cveTitle":"Chromium: CVE-2026-7953 Insufficient validation of untrusted input in Omnibox","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7953","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7953","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7953","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"07f970be-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00004523475e","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7954","cveTitle":"Chromium: CVE-2026-7954 Race in Shared Storage","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7954","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7954","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7954","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"1af970be-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00004423475e","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7955","cveTitle":"Chromium: CVE-2026-7955 Uninitialized Use in GPU","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7955","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7955","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7955","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"32f970be-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00004223475e","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7957","cveTitle":"Chromium: CVE-2026-7957 Out of bounds write in Media","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7957","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7957","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7957","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"efe869c4-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00004323475e","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7956","cveTitle":"Chromium: CVE-2026-7956 Use after free in Navigation","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7956","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7956","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7956","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"48f970be-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00005123475e","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7958","cveTitle":"Chromium: CVE-2026-7958 Inappropriate implementation in ServiceWorker","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7958","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7958","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7958","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"05e969c4-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00005023475e","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7959","cveTitle":"Chromium: CVE-2026-7959 Inappropriate implementation in Navigation","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7959","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7959","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7959","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"1ae969c4-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000e497ee00","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7960","cveTitle":"Chromium: CVE-2026-7960 Race in Speech","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7960","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7960","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7960","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"31e969c4-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000e397ee00","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7961","cveTitle":"Chromium: CVE-2026-7961 Insufficient validation of untrusted input in Permissions","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7961","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7961","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7961","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"4be969c4-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000e297ee00","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7962","cveTitle":"Chromium: CVE-2026-7962 Insufficient policy enforcement in DirectSockets","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7962","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7962","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7962","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"60e969c4-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000e197ee00","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7963","cveTitle":"Chromium: CVE-2026-7963 Inappropriate implementation in ServiceWorker","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7963","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7963","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7963","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"76e969c4-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000e097ee00","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7964","cveTitle":"Chromium: CVE-2026-7964 Insufficient validation of untrusted input in FileSystem","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7964","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7964","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7964","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"8ce969c4-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000df97ee00","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7965","cveTitle":"Chromium: CVE-2026-7965 Insufficient validation of untrusted input in DevTools","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7965","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7965","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7965","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"a2e969c4-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000dd97ee00","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7967","cveTitle":"Chromium: CVE-2026-7967 Insufficient validation of untrusted input in Navigation","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7967","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7967","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7967","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"9cc56cca-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000de97ee00","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7966","cveTitle":"Chromium: CVE-2026-7966 Insufficient validation of untrusted input in SiteIsolation","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7966","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7966","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7966","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"bbe969c4-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000ec97ee00","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7968","cveTitle":"Chromium: CVE-2026-7968 Insufficient validation of untrusted input in CORS","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7968","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7968","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7968","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"b2c56cca-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000eb97ee00","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7969","cveTitle":"Chromium: CVE-2026-7969 Integer overflow in Network","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7969","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7969","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7969","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"c8c56cca-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00007e0c96a3","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7971","cveTitle":"Chromium: CVE-2026-7971 Inappropriate implementation in ORB","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7971","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7971","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7971","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"f7c56cca-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00007f0c96a3","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7970","cveTitle":"Chromium: CVE-2026-7970 Use after free in TopChrome","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7970","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7970","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7970","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"dec56cca-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000780c96a3","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7977","cveTitle":"Chromium: CVE-2026-7977 Inappropriate implementation in Canvas","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7977","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7977","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7977","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"7ec66cca-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000870c96a3","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7978","cveTitle":"Chromium: CVE-2026-7978 Inappropriate implementation in Companion","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7978","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7978","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7978","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"39f464d0-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00001a813d46","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7980","cveTitle":"Chromium: CVE-2026-7980 Use after free in WebAudio","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7980","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7980","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7980","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"65f464d0-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000860c96a3","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7979","cveTitle":"Chromium: CVE-2026-7979 Inappropriate implementation in Media","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7979","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7979","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7979","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"4ff464d0-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000019813d46","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7981","cveTitle":"Chromium: CVE-2026-7981 Out of bounds read in Codecs","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7981","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7981","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7981","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"7cf464d0-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000015813d46","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7985","cveTitle":"Chromium: CVE-2026-7985 Use after free in GPU","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7985","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7985","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7985","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"d4f464d0-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000016813d46","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7984","cveTitle":"Chromium: CVE-2026-7984 Use after free in ReadingMode","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7984","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7984","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7984","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"bef464d0-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000014813d46","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7986","cveTitle":"Chromium: CVE-2026-7986 Insufficient policy enforcement in Autofill","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7986","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7986","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7986","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"ecf464d0-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000017813d46","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7983","cveTitle":"Chromium: CVE-2026-7983 Out of bounds read in Dawn","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7983","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7983","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7983","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"a8f464d0-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000018813d46","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7982","cveTitle":"Chromium: CVE-2026-7982 Uninitialized Use in WebCodecs","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7982","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7982","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7982","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"91f464d0-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000013813d46","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7987","cveTitle":"Chromium: CVE-2026-7987 Use after free in WebRTC","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7987","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7987","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7987","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"03f564d0-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000021813d46","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7989","cveTitle":"Chromium: CVE-2026-7989 Insufficient data validation in DataTransfer","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7989","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7989","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7989","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"ed4a66d6-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000b3f5e4e8","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7992","cveTitle":"Chromium: CVE-2026-7992 Insufficient validation of untrusted input in UI","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7992","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7992","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7992","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"314b66d6-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000b5f5e4e8","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7990","cveTitle":"Chromium: CVE-2026-7990 Insufficient validation of untrusted input in Updater","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7990","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7990","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7990","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"034b66d6-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000022813d46","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7988","cveTitle":"Chromium: CVE-2026-7988 Type Confusion in WebRTC","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7988","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7988","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7988","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"d64a66d6-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000b4f5e4e8","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7991","cveTitle":"Chromium: CVE-2026-7991 Use after free in UI","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7991","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7991","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7991","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"194b66d6-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000aff5e4e8","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7996","cveTitle":"Chromium: CVE-2026-7996 Insufficient validation of untrusted input in SSL","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7996","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7996","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7996","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"854b66d6-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000b0f5e4e8","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7995","cveTitle":"Chromium: CVE-2026-7995 Out of bounds read in AdFilter","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7995","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7995","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7995","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"704b66d6-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000bdf5e4e8","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7998","cveTitle":"Chromium: CVE-2026-7998 Insufficient validation of untrusted input in Dialog","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7998","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7998","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7998","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"b97e6edc-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000aef5e4e8","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7997","cveTitle":"Chromium: CVE-2026-7997 Insufficient validation of untrusted input in Updater","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7997","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7997","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7997","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"984b66d6-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000b1f5e4e8","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7994","cveTitle":"Chromium: CVE-2026-7994 Inappropriate implementation in Chromoting","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7994","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7994","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7994","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"5c4b66d6-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000bcf5e4e8","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-7999","cveTitle":"Chromium: CVE-2026-7999 Inappropriate implementation in V8","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-7999","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7999","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-7999","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"cb7e6edc-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00005e2eef08","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-8000","cveTitle":"Chromium: CVE-2026-8000 Insufficient validation of untrusted input in ChromeDriver","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-8000","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8000","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8000","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"dd7e6edc-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00005f2eef08","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-8001","cveTitle":"Chromium: CVE-2026-8001 Use after free in Printing","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-8001","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8001","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8001","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"ef7e6edc-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00005d2eef08","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-8003","cveTitle":"Chromium: CVE-2026-8003 Insufficient validation of untrusted input in TabGroups","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-8003","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8003","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8003","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"157f6edc-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00005c2eef08","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-8002","cveTitle":"Chromium: CVE-2026-8002 Use after free in Audio","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-8002","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8002","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8002","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"037f6edc-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00005b2eef08","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-8005","cveTitle":"Chromium: CVE-2026-8005 Insufficient validation of untrusted input in Cast","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-8005","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8005","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8005","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"397f6edc-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000582eef08","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-8006","cveTitle":"Chromium: CVE-2026-8006 Insufficient policy enforcement in DevTools","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-8006","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8006","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8006","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"4b7f6edc-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00005a2eef08","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-8004","cveTitle":"Chromium: CVE-2026-8004 Insufficient policy enforcement in DevTools","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-8004","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8004","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8004","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"277f6edc-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000592eef08","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-8007","cveTitle":"Chromium: CVE-2026-8007 Insufficient validation of untrusted input in Cast","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-8007","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8007","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8007","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"5e7f6edc-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000562eef08","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-8008","cveTitle":"Chromium: CVE-2026-8008 Inappropriate implementation in DevTools","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-8008","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8008","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8008","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"707f6edc-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000572eef08","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-8009","cveTitle":"Chromium: CVE-2026-8009 Inappropriate implementation in Cast","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-8009","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8009","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8009","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"9bc66ce2-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000c3b94766","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-8010","cveTitle":"Chromium: CVE-2026-8010 Insufficient validation of untrusted input in SiteIsolation","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-8010","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8010","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8010","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"adc66ce2-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000c4b94766","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-8011","cveTitle":"Chromium: CVE-2026-8011 Insufficient policy enforcement in Search","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-8011","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8011","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8011","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"bfc66ce2-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000c1b94766","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-8012","cveTitle":"Chromium: CVE-2026-8012 Inappropriate implementation in MHTML","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-8012","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8012","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8012","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"d1c66ce2-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000c2b94766","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-8013","cveTitle":"Chromium: CVE-2026-8013 Insufficient validation of untrusted input in FedCM","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-8013","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8013","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8013","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"e5c66ce2-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000bdb94766","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-8016","cveTitle":"Chromium: CVE-2026-8016 Use after free in WebRTC","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-8016","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8016","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8016","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"1bc76ce2-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000c0b94766","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-8015","cveTitle":"Chromium: CVE-2026-8015 Inappropriate implementation in Media","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-8015","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8015","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8015","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"09c76ce2-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000bfb94766","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-8014","cveTitle":"Chromium: CVE-2026-8014 Inappropriate implementation in Preload","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-8014","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8014","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8014","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"f7c66ce2-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000beb94766","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-8017","cveTitle":"Chromium: CVE-2026-8017 Side-channel information leakage in Media","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-8017","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8017","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8017","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"2dc76ce2-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000bbb94766","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-8018","cveTitle":"Chromium: CVE-2026-8018 Insufficient policy enforcement in DevTools","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-8018","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8018","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8018","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"41c76ce2-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000bcb94766","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-8019","cveTitle":"Chromium: CVE-2026-8019 Insufficient policy enforcement in WebApp","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-8019","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8019","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8019","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"53c76ce2-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00002645a0c3","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-8022","cveTitle":"Chromium: CVE-2026-8022 Inappropriate implementation in MHTML","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-8022","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8022","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8022","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"57c568e8-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00002945a0c3","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-8021","cveTitle":"Chromium: CVE-2026-8021 Script injection in UI","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026\u00a0) for more information.","mitreText":"CVE-2026-8021","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8021","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100},{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
148.0.3967.5405/07/2026148.0.7778.97
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8021","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"45c568e8-ab49-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000d401cecc","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-26129","cveTitle":"M365 Copilot Information Disclosure Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network.

\n","cweList":["CWE-138: Improper Neutralization of Special Elements"],"cweDetailsListForSearch":["cwe: CWE-138: Improper Neutralization of Special Elements","cweUrl: https://cwe.mitre.org/data/definitions/138.html"],"unformattedDescription":"Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network.","mitreText":"CVE-2026-26129","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26129","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":4,"latestSoftwareRelease":"N/A","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"M365 Copilot","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"7.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-138: Improper Neutralization of Special Elements","https://cwe.mitre.org/data/definitions/138.html"]}],"articles":[{"articleType":"FAQ","description":"

Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?

\n

This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.

\n

Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

\n","ordinal":10000},{"title":"M365 Copilot Information Disclosure Vulnerability","articleType":"100000000","description":"

Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26129","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"58f1a487-b10e-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000f9154d8a","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-26164","cveTitle":"M365 Copilot Information Disclosure Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"

Improper neutralization of special elements in output used by a downstream component ('injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

\n","cweList":["CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"],"cweDetailsListForSearch":["cwe: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')","cweUrl: https://cwe.mitre.org/data/definitions/74.html"],"unformattedDescription":"Improper neutralization of special elements in output used by a downstream component ('injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.","mitreText":"CVE-2026-26164","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26164","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"M365 Copilot","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"7.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')","https://cwe.mitre.org/data/definitions/74.html"]}],"articles":[{"articleType":"FAQ","description":"

Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?

\n

This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.

\n

Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

\n","ordinal":10000},{"title":"M365 Copilot Information Disclosure Vulnerability","articleType":"100000000","description":"

Improper neutralization of special elements in output used by a downstream component ('injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26164","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"ba62e40b-ce1c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00001cda91cb","releaseDate":"2026-05-07T01:12:22-07:00","cveNumber":"CVE-2026-33857","cveTitle":"Apache HTTP Server: Off-by-one OOB reads in AJP getter functions","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T14:40:46-07:00","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"mitreText":"CVE-2026-33857","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33857","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"apache","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"5.3","temporalScore":"5.3","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","vectorStringSource":"CISA ADP","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-33857","version":1,"revisionDate":"2026-05-07T01:12:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4ed31aca-b149-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33857","version":2,"revisionDate":"2026-05-15T14:40:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c363c20d-6c50-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000d08c262a","releaseDate":"2026-05-07T01:12:14-07:00","cveNumber":"CVE-2026-29168","cveTitle":"Apache HTTP Server: mod_md unrestricted OCSP response","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T14:40:19-07:00","cweList":["CWE-770: Allocation of Resources Without Limits or Throttling"],"cweDetailsListForSearch":["cwe: CWE-770: Allocation of Resources Without Limits or Throttling","cweUrl: https://cwe.mitre.org/data/definitions/770.html"],"mitreText":"CVE-2026-29168","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-29168","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"apache","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.3","temporalScore":"7.3","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","vectorStringSource":"CISA ADP","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-770: Allocation of Resources Without Limits or Throttling","https://cwe.mitre.org/data/definitions/770.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-29168","version":1,"revisionDate":"2026-05-07T01:12:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ef650ac4-b149-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-29168","version":2,"revisionDate":"2026-05-15T14:40:19-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8323b6f9-6b50-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00006b01cecc","releaseDate":"2026-05-07T01:12:05-07:00","cveNumber":"CVE-2026-29169","cveTitle":"Apache HTTP Server: mod_dav_lock indirect lock crash","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T14:41:13-07:00","cweList":["CWE-476: NULL Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-476: NULL Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/476.html"],"mitreText":"CVE-2026-29169","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-29169","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"apache","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.5","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"CISA ADP","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-476: NULL Pointer Dereference","https://cwe.mitre.org/data/definitions/476.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-29169","version":2,"revisionDate":"2026-05-15T14:41:13-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ee73e119-6c50-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-29169","version":1,"revisionDate":"2026-05-07T01:12:05-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"66ec51c3-b149-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000499ae10e","releaseDate":"2026-05-07T01:11:57-07:00","cveNumber":"CVE-2026-33007","cveTitle":"Apache HTTP Server: mod_authn_socache crash","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T14:41:06-07:00","cweList":["CWE-476: NULL Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-476: NULL Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/476.html"],"mitreText":"CVE-2026-33007","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33007","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"apache","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"5.3","temporalScore":"5.3","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","vectorStringSource":"CISA ADP","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-476: NULL Pointer Dereference","https://cwe.mitre.org/data/definitions/476.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-33007","version":1,"revisionDate":"2026-05-07T01:11:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b93266bd-b149-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33007","version":2,"revisionDate":"2026-05-15T14:41:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e073e119-6c50-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000ae253a6c","releaseDate":"2026-05-07T01:11:49-07:00","cveNumber":"CVE-2026-33006","cveTitle":"Apache HTTP Server: mod_auth_digest timing attack","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T14:40:59-07:00","cweList":["CWE-208: Observable Timing Discrepancy"],"cweDetailsListForSearch":["cwe: CWE-208: Observable Timing Discrepancy","cweUrl: https://cwe.mitre.org/data/definitions/208.html"],"mitreText":"CVE-2026-33006","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33006","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"apache","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-208: Observable Timing Discrepancy","https://cwe.mitre.org/data/definitions/208.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-33006","version":1,"revisionDate":"2026-05-07T01:11:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2d996cb7-b149-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33006","version":2,"revisionDate":"2026-05-15T14:40:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"53d3c713-6c50-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00009500adfb","releaseDate":"2026-05-07T01:11:41-07:00","cveNumber":"CVE-2026-24072","cveTitle":"Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T14:40:26-07:00","cweList":["CWE-269: Improper Privilege Management"],"cweDetailsListForSearch":["cwe: CWE-269: Improper Privilege Management","cweUrl: https://cwe.mitre.org/data/definitions/269.html"],"mitreText":"CVE-2026-24072","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-24072","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"apache","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-269: Improper Privilege Management","https://cwe.mitre.org/data/definitions/269.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-24072","version":1,"revisionDate":"2026-05-07T01:11:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"035864b1-b149-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-24072","version":2,"revisionDate":"2026-05-15T14:40:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"78e04501-6c50-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000f6f7d7f6","releaseDate":"2026-05-07T01:11:33-07:00","cveNumber":"CVE-2026-34032","cveTitle":"Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string)","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T14:40:53-07:00","cweList":["CWE-170: Improper Null Termination"],"cweDetailsListForSearch":["cwe: CWE-170: Improper Null Termination","cweUrl: https://cwe.mitre.org/data/definitions/170.html"],"mitreText":"CVE-2026-34032","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34032","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"apache","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"5.3","temporalScore":"5.3","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","vectorStringSource":"CISA ADP","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-170: Improper Null Termination","https://cwe.mitre.org/data/definitions/170.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34032","version":1,"revisionDate":"2026-05-07T01:11:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"54cd2aab-b149-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34032","version":2,"revisionDate":"2026-05-15T14:40:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cf63c20d-6c50-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000039286c69","releaseDate":"2026-05-07T01:11:25-07:00","cveNumber":"CVE-2026-34059","cveTitle":"Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data()","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T14:40:33-07:00","cweList":["CWE-126: Buffer Over-read"],"cweDetailsListForSearch":["cwe: CWE-126: Buffer Over-read","cweUrl: https://cwe.mitre.org/data/definitions/126.html"],"mitreText":"CVE-2026-34059","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34059","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"apache","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.5","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","vectorStringSource":"CISA ADP","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-126: Buffer Over-read","https://cwe.mitre.org/data/definitions/126.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34059","version":1,"revisionDate":"2026-05-07T01:11:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1bcd2aab-b149-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34059","version":2,"revisionDate":"2026-05-15T14:40:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5c4c8307-6c50-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000c3835fbc","releaseDate":"2026-05-07T01:11:17-07:00","cveNumber":"CVE-2026-23918","cveTitle":"Apache HTTP Server: http2: double free and possible RCE on early reset","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T14:40:39-07:00","cweList":["CWE-415: Double Free"],"cweDetailsListForSearch":["cwe: CWE-415: Double Free","cweUrl: https://cwe.mitre.org/data/definitions/415.html"],"mitreText":"CVE-2026-23918","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-23918","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"apache","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"8.8","temporalScore":"8.8","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","vectorStringSource":"CISA ADP","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-415: Double Free","https://cwe.mitre.org/data/definitions/415.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-23918","version":1,"revisionDate":"2026-05-07T01:11:17-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"91fd2fa5-b149-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23918","version":2,"revisionDate":"2026-05-15T14:40:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6d4c8307-6c50-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000d04491c3","releaseDate":"2026-05-07T01:11:09-07:00","cveNumber":"CVE-2026-33523","cveTitle":"Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T14:41:20-07:00","cweList":["CWE-443: DEPRECATED: HTTP response splitting"],"cweDetailsListForSearch":["cwe: CWE-443: DEPRECATED: HTTP response splitting","cweUrl: https://cwe.mitre.org/data/definitions/443.html"],"mitreText":"CVE-2026-33523","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33523","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"apache","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","vectorStringSource":"CISA ADP","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-443: DEPRECATED: HTTP response splitting","https://cwe.mitre.org/data/definitions/443.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-33523","version":1,"revisionDate":"2026-05-07T01:11:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c57b139f-b149-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33523","version":2,"revisionDate":"2026-05-15T14:41:20-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2996bb20-6c50-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000e7f04286","releaseDate":"2026-05-07T01:10:44-07:00","cveNumber":"CVE-2026-33845","cveTitle":"Gnutls: gnutls: denial of service via dtls zero-length fragment","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-17T14:48:30-07:00","cweList":["CWE-191: Integer Underflow (Wrap or Wraparound)"],"cweDetailsListForSearch":["cwe: CWE-191: Integer Underflow (Wrap or Wraparound)","cweUrl: https://cwe.mitre.org/data/definitions/191.html"],"mitreText":"CVE-2026-33845","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33845","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"redhat","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.5","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"redhat","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-191: Integer Underflow (Wrap or Wraparound)","https://cwe.mitre.org/data/definitions/191.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-33845","version":1,"revisionDate":"2026-05-07T01:10:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8f8adc8c-b149-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33845","version":2,"revisionDate":"2026-05-17T14:48:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8851b976-ff51-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d83fc91f","releaseDate":"2026-05-07T01:09:22-07:00","cveNumber":"CVE-2026-43267","cveTitle":"wifi: rtw89: fix potential zero beacon interval in beacon tracking","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-19T01:46:19-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-43267","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-43267","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-43267","version":1,"revisionDate":"2026-05-07T01:09:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"56697a5c-b149-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-43267","version":2,"revisionDate":"2026-05-07T14:42:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"5c1f7fec-224a-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-43267","version":3,"revisionDate":"2026-05-09T14:39:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"537c4de2-b44b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-43267","version":4,"revisionDate":"2026-05-19T01:46:19-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"63486986-2453-f111-939d-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000ad9dbf07","releaseDate":"2026-05-07T01:09:06-07:00","cveNumber":"CVE-2026-43228","cveTitle":"hfs: Replace BUG_ON with error handling for CNID count checks","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-19T01:46:13-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-43228","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-43228","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-43228","version":1,"revisionDate":"2026-05-07T01:09:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"60537756-b149-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-43228","version":3,"revisionDate":"2026-05-09T14:39:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"467c4de2-b44b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-43228","version":4,"revisionDate":"2026-05-19T01:46:13-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9e7f607f-2453-f111-939d-000d3ac5fb71"},{"cveNumber":"CVE-2026-43228","version":2,"revisionDate":"2026-05-07T14:41:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"016c30e3-224a-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00000c21826d","releaseDate":"2026-05-07T01:08:49-07:00","cveNumber":"CVE-2026-43195","cveTitle":"drm/amdgpu: validate user queue size constraints","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-09T14:39:21-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-43195","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-43195","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-43195","version":3,"revisionDate":"2026-05-09T14:39:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"03d543dc-b44b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-43195","version":1,"revisionDate":"2026-05-07T01:08:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"763ab34a-b149-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-43195","version":1.1,"revisionDate":"2026-05-07T14:41:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"96a103dc-224a-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-43195","version":2,"revisionDate":"2026-05-08T01:39:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4d20fdbf-7e4a-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00001321826d","releaseDate":"2026-05-07T01:08:39-07:00","cveNumber":"CVE-2026-43165","cveTitle":"hwmon: (nct7363) Fix a resource leak in nct7363_present_pwm_fanin","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-09T14:39:15-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-43165","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-43165","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-43165","version":1,"revisionDate":"2026-05-07T01:08:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c06d5b44-b149-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-43165","version":2,"revisionDate":"2026-05-07T14:41:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"ef58efd9-224a-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-43165","version":3,"revisionDate":"2026-05-09T14:39:15-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9203ecd4-b44b-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00003884dc4f","releaseDate":"2026-05-07T01:08:28-07:00","cveNumber":"CVE-2026-43201","cveTitle":"APEI/GHES: ARM processor Error: don't go past allocated memory","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-09T14:39:08-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-43201","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-43201","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-43201","version":1,"revisionDate":"2026-05-07T01:08:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bfdd2b3e-b149-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-43201","version":2,"revisionDate":"2026-05-09T14:39:08-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8503ecd4-b44b-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000db3fc91f","releaseDate":"2026-05-07T01:08:23-07:00","cveNumber":"CVE-2026-43237","cveTitle":"drm/amdgpu: Refactor amdgpu_gem_va_ioctl for Handling Last Fence Update and Timeline Management v4","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-09T14:39:01-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-43237","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-43237","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-43237","version":1,"revisionDate":"2026-05-07T01:08:23-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"84dd2b3e-b149-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-43237","version":3,"revisionDate":"2026-05-09T14:39:01-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e90db7ce-b44b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-43237","version":2,"revisionDate":"2026-05-07T14:41:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"98183ad4-224a-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000980a6242","releaseDate":"2026-05-07T01:08:12-07:00","cveNumber":"CVE-2025-71294","cveTitle":"drm/amdgpu: fix NULL pointer issue buffer funcs","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-09T14:38:55-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2025-71294","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2025-71294","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2025-71294","version":1,"revisionDate":"2026-05-07T01:08:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"705d3538-b149-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2025-71294","version":3,"revisionDate":"2026-05-09T14:38:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"dc0db7ce-b44b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2025-71294","version":2,"revisionDate":"2026-05-07T14:41:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"14bc40ce-224a-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00006a6d2b95","releaseDate":"2026-05-07T01:08:07-07:00","cveNumber":"CVE-2026-43243","cveTitle":"drm/amd/display: Add signal type check for dcn401 get_phyd32clk_src","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-09T14:38:48-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-43243","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-43243","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-43243","version":1,"revisionDate":"2026-05-07T01:08:07-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"047f3b32-b149-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-43243","version":2,"revisionDate":"2026-05-07T14:41:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"6ec737cb-224a-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-43243","version":3,"revisionDate":"2026-05-09T14:38:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d560a9c8-b44b-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000a04ee4e2","releaseDate":"2026-05-07T01:07:44-07:00","cveNumber":"CVE-2026-43191","cveTitle":"drm/amd/display: Adjust PHY FSM transition to TX_EN-to-PLL_ON for TMDS on DCN35","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-09T14:38:41-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-43191","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-43191","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-43191","version":1,"revisionDate":"2026-05-07T01:07:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9134f525-b149-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-43191","version":3,"revisionDate":"2026-05-09T14:38:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c59415c2-b44b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-43191","version":2,"revisionDate":"2026-05-07T14:40:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"4e60fbbb-224a-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00003ccb217d","releaseDate":"2026-05-07T01:07:34-07:00","cveNumber":"CVE-2026-43274","cveTitle":"mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq()","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-09T14:38:35-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-43274","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-43274","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-43274","version":1,"revisionDate":"2026-05-07T01:07:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8b6fd91f-b149-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-43274","version":1.1,"revisionDate":"2026-05-07T14:40:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"0755f2b5-224a-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-43274","version":3,"revisionDate":"2026-05-09T14:38:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b79415c2-b44b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-43274","version":2,"revisionDate":"2026-05-08T01:44:07-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"83449d67-7f4a-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000c7ac6b5a","releaseDate":"2026-05-07T01:06:24-07:00","cveNumber":"CVE-2025-71293","cveTitle":"drm/amdgpu/ras: Move ras data alloc before bad page check","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-09T14:38:28-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2025-71293","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2025-71293","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2025-71293","version":1,"revisionDate":"2026-05-07T01:06:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e3bbb3f5-b049-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2025-71293","version":2,"revisionDate":"2026-05-09T14:38:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9731d3bb-b44b-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00002c38c4b7","releaseDate":"2026-05-07T01:05:55-07:00","cveNumber":"CVE-2025-71290","cveTitle":"misc: ti_fpc202: fix a potential memory leak in probe function","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-09T14:38:22-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2025-71290","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2025-71290","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2025-71290","version":1,"revisionDate":"2026-05-07T01:05:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"471166e3-b049-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2025-71290","version":3,"revisionDate":"2026-05-09T14:38:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bf046db5-b44b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2025-71290","version":2,"revisionDate":"2026-05-07T14:39:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"b0ba6994-224a-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000041c38b85","releaseDate":"2026-05-07T01:04:19-07:00","cveNumber":"CVE-2026-43176","cveTitle":"wifi: rtw89: pci: validate release report content before using for RTL8922DE","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-19T01:45:24-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-43176","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-43176","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-43176","version":1,"revisionDate":"2026-05-07T01:04:19-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6d4182ac-b049-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-43176","version":3,"revisionDate":"2026-05-09T14:38:15-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9d046db5-b44b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-43176","version":4,"revisionDate":"2026-05-19T01:45:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"91c65d65-2453-f111-939d-000d3ac5fb71"},{"cveNumber":"CVE-2026-43176","version":2,"revisionDate":"2026-05-07T14:39:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"fbfb0279-224a-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000096acdaca","releaseDate":"2026-05-07T01:03:58-07:00","cveNumber":"CVE-2026-42154","cveTitle":"Prometheus: remote read endpoint allows denial of service via crafted snappy payload","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T14:41:52-07:00","cweList":["CWE-400: Uncontrolled Resource Consumption"],"cweDetailsListForSearch":["cwe: CWE-400: Uncontrolled Resource Consumption","cweUrl: https://cwe.mitre.org/data/definitions/400.html"],"mitreText":"CVE-2026-42154","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42154","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.5","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-400: Uncontrolled Resource Consumption","https://cwe.mitre.org/data/definitions/400.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-42154","version":1,"revisionDate":"2026-05-07T01:03:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6751e69f-b049-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-42154","version":2,"revisionDate":"2026-05-13T01:05:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"723991e2-674e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-42154","version":3,"revisionDate":"2026-05-15T14:41:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5fd9b634-6c50-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000ad5d5431","releaseDate":"2026-05-07T01:02:56-07:00","cveNumber":"CVE-2026-32934","cveTitle":"CoreDNS DNS-over-QUIC unbounded goroutine growth leads to denial of service","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T14:40:12-07:00","cweList":["CWE-770: Allocation of Resources Without Limits or Throttling"],"cweDetailsListForSearch":["cwe: CWE-770: Allocation of Resources Without Limits or Throttling","cweUrl: https://cwe.mitre.org/data/definitions/770.html"],"mitreText":"CVE-2026-32934","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32934","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-770: Allocation of Resources Without Limits or Throttling","https://cwe.mitre.org/data/definitions/770.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-32934","version":1,"revisionDate":"2026-05-07T01:02:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1878267b-b049-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-32934","version":2,"revisionDate":"2026-05-15T14:40:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7523b6f9-6b50-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000e346a376","releaseDate":"2026-05-07T01:02:48-07:00","cveNumber":"CVE-2026-32936","cveTitle":"CoreDNS DoH GET path missing size validation causes CPU and memory amplification","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T14:40:06-07:00","cweList":["CWE-400: Uncontrolled Resource Consumption"],"cweDetailsListForSearch":["cwe: CWE-400: Uncontrolled Resource Consumption","cweUrl: https://cwe.mitre.org/data/definitions/400.html"],"mitreText":"CVE-2026-32936","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32936","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-400: Uncontrolled Resource Consumption","https://cwe.mitre.org/data/definitions/400.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-32936","version":1,"revisionDate":"2026-05-07T01:02:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c8d41975-b049-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-32936","version":2,"revisionDate":"2026-05-15T14:40:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"42f074f3-6b50-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00006308148b","releaseDate":"2026-05-07T01:02:40-07:00","cveNumber":"CVE-2026-33489","cveTitle":"CoreDNS transfer plugin subzone ACL bypass via lexicographic zone comparison","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T14:39:59-07:00","cweList":["CWE-863: Incorrect Authorization"],"cweDetailsListForSearch":["cwe: CWE-863: Incorrect Authorization","cweUrl: https://cwe.mitre.org/data/definitions/863.html"],"mitreText":"CVE-2026-33489","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33489","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-863: Incorrect Authorization","https://cwe.mitre.org/data/definitions/863.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-33489","version":1,"revisionDate":"2026-05-07T01:02:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"284f0f6f-b049-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33489","version":2,"revisionDate":"2026-05-15T14:39:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"34f074f3-6b50-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000016f041ff","releaseDate":"2026-05-07T01:02:32-07:00","cveNumber":"CVE-2026-33190","cveTitle":"CoreDNS TSIG authentication bypass on encrypted DNS transports","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T14:39:52-07:00","cweList":["CWE-303: Incorrect Implementation of Authentication Algorithm"],"cweDetailsListForSearch":["cwe: CWE-303: Incorrect Implementation of Authentication Algorithm","cweUrl: https://cwe.mitre.org/data/definitions/303.html"],"mitreText":"CVE-2026-33190","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33190","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-303: Incorrect Implementation of Authentication Algorithm","https://cwe.mitre.org/data/definitions/303.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-33190","version":1,"revisionDate":"2026-05-07T01:02:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"114ef868-b049-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33190","version":2,"revisionDate":"2026-05-15T14:39:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"27d73aed-6b50-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000b41ec545","releaseDate":"2026-05-05T01:03:04-07:00","cveNumber":"CVE-2026-37457","cveTitle":"An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted FlowSpec component.","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-08T01:42:40-07:00","cweList":["CWE-787: Out-of-bounds Write"],"cweDetailsListForSearch":["cwe: CWE-787: Out-of-bounds Write","cweUrl: https://cwe.mitre.org/data/definitions/787.html"],"mitreText":"CVE-2026-37457","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-37457","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"mitre","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.5","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"CISA ADP","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-787: Out-of-bounds Write","https://cwe.mitre.org/data/definitions/787.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-37457","version":1,"revisionDate":"2026-05-05T01:03:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"778fcc2b-1e48-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-37457","version":2,"revisionDate":"2026-05-06T14:49:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"68454dca-5a49-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-37457","version":3,"revisionDate":"2026-05-08T01:42:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"377f4a31-7f4a-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000007905809","releaseDate":"2026-05-03T01:02:51-07:00","cveNumber":"CVE-2026-6843","cveTitle":"Nano: nano: format string vulnerability leads to denial of service","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-08T01:42:31-07:00","cweList":["CWE-134: Use of Externally-Controlled Format String"],"cweDetailsListForSearch":["cwe: CWE-134: Use of Externally-Controlled Format String","cweUrl: https://cwe.mitre.org/data/definitions/134.html"],"mitreText":"CVE-2026-6843","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6843","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"redhat","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"5.5","temporalScore":"5.5","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","vectorStringSource":"redhat","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-134: Use of Externally-Controlled Format String","https://cwe.mitre.org/data/definitions/134.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-6843","version":1,"revisionDate":"2026-05-03T01:02:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fd9f6acb-8b46-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-6843","version":2,"revisionDate":"2026-05-04T14:42:18-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6afad56e-c747-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-6843","version":3,"revisionDate":"2026-05-08T01:42:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2939b328-7f4a-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000006905809","releaseDate":"2026-05-03T01:02:43-07:00","cveNumber":"CVE-2026-6842","cveTitle":"Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-08T01:42:25-07:00","cweList":["CWE-732: Incorrect Permission Assignment for Critical Resource"],"cweDetailsListForSearch":["cwe: CWE-732: Incorrect Permission Assignment for Critical Resource","cweUrl: https://cwe.mitre.org/data/definitions/732.html"],"mitreText":"CVE-2026-6842","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6842","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"redhat","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"2.5","temporalScore":"2.5","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N","vectorStringSource":"redhat","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-732: Incorrect Permission Assignment for Critical Resource","https://cwe.mitre.org/data/definitions/732.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-6842","version":2,"revisionDate":"2026-05-05T01:42:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d495a398-2348-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-6842","version":1,"revisionDate":"2026-05-03T01:02:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ee28fec7-8b46-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-6842","version":3,"revisionDate":"2026-05-08T01:42:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1c39b328-7f4a-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000082e8ab07","releaseDate":"2026-05-03T01:02:35-07:00","cveNumber":"CVE-2026-30656","cveTitle":"A NULL pointer dereference vulnerability exists in fio (Flexible I/O Tester) v3.41 when parsing job files containing the fdp_pli option. The callback function str_fdp_pli_cb() does not validate the input pointer and calls strdup() on a NULL value when the option is specified without an argument. This results in a segmentation fault and process crash.","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T14:39:08-07:00","cweList":["CWE-476: NULL Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-476: NULL Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/476.html"],"mitreText":"CVE-2026-30656","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-30656","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"mitre","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.5","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"CISA ADP","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-476: NULL Pointer Dereference","https://cwe.mitre.org/data/definitions/476.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-30656","version":2,"revisionDate":"2026-05-04T14:42:08-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b0cc196b-c747-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-30656","version":3,"revisionDate":"2026-05-15T14:39:08-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2e4a66d2-6b50-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-30656","version":1,"revisionDate":"2026-05-03T01:02:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ee309ac1-8b46-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000002905809","releaseDate":"2026-05-03T01:02:05-07:00","cveNumber":"CVE-2026-6846","cveTitle":"Binutils: binutils: arbitrary code execution via malformed xcoff object file processing","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T14:39:01-07:00","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"mitreText":"CVE-2026-6846","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6846","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"redhat","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.8","temporalScore":"7.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","vectorStringSource":"redhat","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-6846","version":2,"revisionDate":"2026-05-04T14:42:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9bbd1f65-c747-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-6846","version":3,"revisionDate":"2026-05-15T14:39:01-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"208d60cc-6b50-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-6846","version":1,"revisionDate":"2026-05-03T01:02:05-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"63fb39ae-8b46-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00009cadebf6","releaseDate":"2026-05-03T01:01:44-07:00","cveNumber":"CVE-2026-43058","cveTitle":"media: vidtv: fix pass-by-value structs causing MSAN warnings","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-19T01:42:25-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-43058","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-43058","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-43058","version":2,"revisionDate":"2026-05-04T14:41:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8b112159-c747-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-43058","version":4,"revisionDate":"2026-05-19T01:42:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"60944ffb-2353-f111-939d-000d3ac5fb71"},{"cveNumber":"CVE-2026-43058","version":1,"revisionDate":"2026-05-03T01:01:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a623a8a1-8b46-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-43058","version":3,"revisionDate":"2026-05-06T14:48:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"224bafaf-5a49-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000031f6e4e8","releaseDate":"2026-05-03T01:01:24-07:00","cveNumber":"CVE-2026-7598","cveTitle":"libssh2 userauth.c userauth_password integer overflow","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-19T01:44:45-07:00","cweList":["CWE-190: Integer Overflow or Wraparound"],"cweDetailsListForSearch":["cwe: CWE-190: Integer Overflow or Wraparound","cweUrl: https://cwe.mitre.org/data/definitions/190.html"],"mitreText":"CVE-2026-7598","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-7598","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"VulDB","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.3","temporalScore":"7.0","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C","vectorStringSource":"VulDB","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-190: Integer Overflow or Wraparound","https://cwe.mitre.org/data/definitions/190.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-7598","version":2,"revisionDate":"2026-05-04T14:41:20-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"096f3b4c-c747-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-7598","version":3,"revisionDate":"2026-05-05T01:03:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"66df3134-1e48-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-7598","version":6,"revisionDate":"2026-05-19T01:44:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0e55324b-2453-f111-939d-000d3ac5fb71"},{"cveNumber":"CVE-2026-7598","version":1,"revisionDate":"2026-05-03T01:01:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"afb93d9a-8b46-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-7598","version":4,"revisionDate":"2026-05-06T01:42:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"230af9d8-ec48-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-7598","version":5,"revisionDate":"2026-05-06T14:48:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7642a9a9-5a49-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00006be01510","releaseDate":"2026-05-02T01:04:59-07:00","cveNumber":"CVE-2026-31700","cveTitle":"net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd()","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-04T14:41:14-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31700","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31700","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31700","version":1,"revisionDate":"2026-05-02T01:04:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cccea4ec-c245-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31700","version":2.1,"revisionDate":"2026-05-04T14:41:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"026f3b4c-c747-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31700","version":2,"revisionDate":"2026-05-02T14:41:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"087ea602-3546-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000043855125","releaseDate":"2026-05-02T01:04:53-07:00","cveNumber":"CVE-2026-31708","cveTitle":"smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-04T14:41:08-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31708","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31708","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31708","version":1,"revisionDate":"2026-05-02T01:04:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"becea4ec-c245-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31708","version":2,"revisionDate":"2026-05-02T14:41:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1817f2fc-3446-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31708","version":2.1,"revisionDate":"2026-05-04T14:41:08-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fbd53e44-c747-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000035f7c6ca","releaseDate":"2026-05-02T01:04:48-07:00","cveNumber":"CVE-2026-31702","cveTitle":"f2fs: fix use-after-free of sbi in f2fs_compress_write_end_io()","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-19T01:42:17-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31702","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31702","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31702","version":1,"revisionDate":"2026-05-02T01:04:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5cad4ae6-c245-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31702","version":2.1,"revisionDate":"2026-05-04T14:41:01-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ced53e44-c747-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31702","version":3,"revisionDate":"2026-05-19T01:42:17-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d78399f4-2353-f111-939d-000d3ac5fb71"},{"cveNumber":"CVE-2026-31702","version":2,"revisionDate":"2026-05-02T14:41:17-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ed53edf8-3446-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d7b2b39a","releaseDate":"2026-05-02T01:04:42-07:00","cveNumber":"CVE-2026-31704","cveTitle":"ksmbd: use check_add_overflow() to prevent u16 DACL size overflow","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-19T01:42:08-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31704","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31704","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31704","version":1,"revisionDate":"2026-05-02T01:04:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4cad4ae6-c245-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31704","version":2,"revisionDate":"2026-05-02T14:41:10-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2a2277f6-3446-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31704","version":2.1,"revisionDate":"2026-05-04T14:40:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"de61203e-c747-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31704","version":3,"revisionDate":"2026-05-19T01:42:08-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0f1a9aee-2353-f111-939d-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000ffa398d7","releaseDate":"2026-05-02T01:04:37-07:00","cveNumber":"CVE-2026-31698","cveTitle":"crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-04T14:40:49-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31698","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31698","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31698","version":1,"revisionDate":"2026-05-02T01:04:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"287cb8df-c245-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31698","version":2.1,"revisionDate":"2026-05-04T14:40:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cd61203e-c747-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31698","version":2,"revisionDate":"2026-05-02T14:41:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"722998f2-3446-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00005de8ab07","releaseDate":"2026-05-02T01:04:32-07:00","cveNumber":"CVE-2026-31696","cveTitle":"rxrpc: Fix missing validation of ticket length in non-XDR key preparsing","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-04T14:40:43-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31696","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31696","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31696","version":1,"revisionDate":"2026-05-02T01:04:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"187cb8df-c245-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31696","version":2.1,"revisionDate":"2026-05-04T14:40:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9ccaa937-c747-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31696","version":2,"revisionDate":"2026-05-02T14:40:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"57952fec-3446-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000f9aab9f9","releaseDate":"2026-05-02T01:04:26-07:00","cveNumber":"CVE-2026-43033","cveTitle":"crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-04T14:40:36-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-43033","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-43033","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-43033","version":1,"revisionDate":"2026-05-02T01:04:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b2c234d9-c245-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-43033","version":2,"revisionDate":"2026-05-02T14:40:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"51ca60ea-3446-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-43033","version":2.1,"revisionDate":"2026-05-04T14:40:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"33b1a031-c747-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00003c3e0cf8","releaseDate":"2026-05-02T01:04:21-07:00","cveNumber":"CVE-2026-31705","cveTitle":"ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-04T14:40:30-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31705","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31705","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31705","version":1,"revisionDate":"2026-05-02T01:04:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a8c234d9-c245-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31705","version":2,"revisionDate":"2026-05-02T14:40:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e46538e4-3446-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31705","version":2.1,"revisionDate":"2026-05-04T14:40:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2bb1a031-c747-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000093d1fa4c","releaseDate":"2026-05-02T01:04:15-07:00","cveNumber":"CVE-2026-31694","cveTitle":"fuse: reject oversized dirents in page cache","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-04T14:40:23-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31694","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31694","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31694","version":1,"revisionDate":"2026-05-02T01:04:15-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a6dcf3d2-c245-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31694","version":2.1,"revisionDate":"2026-05-04T14:40:23-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7989312b-c747-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31694","version":2,"revisionDate":"2026-05-02T14:40:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0f4169de-3446-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00009a18407a","releaseDate":"2026-05-02T01:04:10-07:00","cveNumber":"CVE-2026-31699","cveTitle":"crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-04T14:40:17-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31699","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31699","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31699","version":1,"revisionDate":"2026-05-02T01:04:10-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"97dcf3d2-c245-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31699","version":2.1,"revisionDate":"2026-05-04T14:40:17-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7289312b-c747-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31699","version":2,"revisionDate":"2026-05-02T14:40:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"084169de-3446-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000cf6b6e6d","releaseDate":"2026-05-02T01:04:04-07:00","cveNumber":"CVE-2026-31711","cveTitle":"smb: server: fix active_num_conn leak on transport allocation failure","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-04T14:40:11-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31711","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31711","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31711","version":1,"revisionDate":"2026-05-02T01:04:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8dc053cc-c245-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31711","version":2.1,"revisionDate":"2026-05-04T14:40:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9ef5f324-c747-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31711","version":2,"revisionDate":"2026-05-02T14:40:23-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9d3d6dd8-3446-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000ce6b6e6d","releaseDate":"2026-05-02T01:03:59-07:00","cveNumber":"CVE-2026-31721","cveTitle":"usb: gadget: f_hid: move list and spinlock inits from bind to alloc","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-19T01:41:59-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31721","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31721","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31721","version":1,"revisionDate":"2026-05-02T01:03:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7cc053cc-c245-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31721","version":2,"revisionDate":"2026-05-02T14:40:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"494f49d6-3446-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31721","version":2.1,"revisionDate":"2026-05-04T14:40:05-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5db0fb1e-c747-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31721","version":3,"revisionDate":"2026-05-19T01:41:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"011a9aee-2353-f111-939d-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000f85c53aa","releaseDate":"2026-05-02T01:03:53-07:00","cveNumber":"CVE-2026-31697","cveTitle":"crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-04T14:39:59-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31697","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31697","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31697","version":1,"revisionDate":"2026-05-02T01:03:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c3fa3cc5-c245-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31697","version":2.1,"revisionDate":"2026-05-04T14:39:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3eb0fb1e-c747-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31697","version":2,"revisionDate":"2026-05-02T14:40:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"657750d2-3446-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000066b1e17b","releaseDate":"2026-05-02T01:01:30-07:00","cveNumber":"CVE-2026-28532","cveTitle":"FRRouting < 10.5.3 Integer Overflow in OSPF TLV Parser Functions","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-06T14:44:52-07:00","cweList":["CWE-190: Integer Overflow or Wraparound"],"cweDetailsListForSearch":["cwe: CWE-190: Integer Overflow or Wraparound","cweUrl: https://cwe.mitre.org/data/definitions/190.html"],"mitreText":"CVE-2026-28532","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-28532","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"VulnCheck","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"VulnCheck","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-190: Integer Overflow or Wraparound","https://cwe.mitre.org/data/definitions/190.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-28532","version":1,"revisionDate":"2026-05-02T01:01:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"11e09a73-c245-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-28532","version":3,"revisionDate":"2026-05-05T01:02:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ef8fca26-1e48-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-28532","version":2,"revisionDate":"2026-05-04T14:37:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b59135d2-c647-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-28532","version":4,"revisionDate":"2026-05-06T14:44:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"435ba724-5a49-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000e79f84f8","releaseDate":"2026-05-02T01:01:24-07:00","cveNumber":"CVE-2026-4948","cveTitle":"Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-09T01:39:08-07:00","cweList":["CWE-279: Incorrect Execution-Assigned Permissions"],"cweDetailsListForSearch":["cwe: CWE-279: Incorrect Execution-Assigned Permissions","cweUrl: https://cwe.mitre.org/data/definitions/279.html"],"mitreText":"CVE-2026-4948","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-4948","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"redhat","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"5.5","temporalScore":"5.5","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","vectorStringSource":"redhat","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-279: Incorrect Execution-Assigned Permissions","https://cwe.mitre.org/data/definitions/279.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-4948","version":1,"revisionDate":"2026-05-02T01:01:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"56642b6d-c245-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-4948","version":2,"revisionDate":"2026-05-09T01:39:08-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"55f641de-474b-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00001886fd20","releaseDate":"2026-05-01T01:03:54-07:00","cveNumber":"CVE-2026-40356","cveTitle":"In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-11T14:42:40-07:00","cweList":["CWE-191: Integer Underflow (Wrap or Wraparound)"],"cweDetailsListForSearch":["cwe: CWE-191: Integer Underflow (Wrap or Wraparound)","cweUrl: https://cwe.mitre.org/data/definitions/191.html"],"mitreText":"CVE-2026-40356","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40356","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"mitre","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"5.9","temporalScore":"5.9","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"mitre","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-191: Integer Underflow (Wrap or Wraparound)","https://cwe.mitre.org/data/definitions/191.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-40356","version":2,"revisionDate":"2026-05-11T14:42:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d75cf5aa-474d-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-40356","version":1,"revisionDate":"2026-05-01T01:03:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"020ea69b-f944-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00007d11567e","releaseDate":"2026-05-01T01:03:46-07:00","cveNumber":"CVE-2026-40355","cveTitle":"In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-11T14:42:26-07:00","cweList":["CWE-476: NULL Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-476: NULL Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/476.html"],"mitreText":"CVE-2026-40355","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40355","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"mitre","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"5.9","temporalScore":"5.9","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"mitre","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-476: NULL Pointer Dereference","https://cwe.mitre.org/data/definitions/476.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-40355","version":1,"revisionDate":"2026-05-01T01:03:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0801f694-f944-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-40355","version":2,"revisionDate":"2026-05-11T14:42:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7c8f6a9f-474d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000983ea84e","releaseDate":"2026-05-01T01:03:38-07:00","cveNumber":"CVE-2026-41526","cveTitle":"In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path to handle user input are affected and could be exploited. In particular, because sendInput() sends a string to a terminal, a control character such as \\x01 can be used during injection.","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-09T01:38:59-07:00","cweList":["CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences"],"cweDetailsListForSearch":["cwe: CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences","cweUrl: https://cwe.mitre.org/data/definitions/150.html"],"mitreText":"CVE-2026-41526","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41526","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"mitre","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L","vectorStringSource":"mitre","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences","https://cwe.mitre.org/data/definitions/150.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-41526","version":1,"revisionDate":"2026-05-01T01:03:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a18c6d94-f944-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-41526","version":2,"revisionDate":"2026-05-09T01:38:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"708dd8d7-474b-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00000d4591c3","releaseDate":"2026-05-01T01:01:32-07:00","cveNumber":"CVE-2026-31533","cveTitle":"net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:46:51-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31533","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31533","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"9.8","temporalScore":"9.8","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","vectorStringSource":"Linux","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31533","version":1,"revisionDate":"2026-05-01T01:01:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b819df48-f944-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31533","version":2,"revisionDate":"2026-05-01T14:46:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"53f03297-6c45-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000c82f8d8b","releaseDate":"2026-04-30T01:11:57-07:00","cveNumber":"CVE-2026-41636","cveTitle":"Apache Thrift: Node.js skip() recursion","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-13T01:40:27-07:00","cweList":["CWE-674: Uncontrolled Recursion"],"cweDetailsListForSearch":["cwe: CWE-674: Uncontrolled Recursion","cweUrl: https://cwe.mitre.org/data/definitions/674.html"],"mitreText":"CVE-2026-41636","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41636","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"apache","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-674: Uncontrolled Recursion","https://cwe.mitre.org/data/definitions/674.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-41636","version":2,"revisionDate":"2026-05-01T01:04:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"50e15aa5-f944-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-41636","version":3,"revisionDate":"2026-05-13T01:40:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"330c10b3-6c4e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-41636","version":1,"revisionDate":"2026-04-30T01:11:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"17bc9c95-3144-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000fad196a3","releaseDate":"2026-04-30T01:11:30-07:00","cveNumber":"CVE-2026-41605","cveTitle":"Apache Thrift: Swift Compact Protocol integer overflow","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-13T01:40:21-07:00","cweList":["CWE-190: Integer Overflow or Wraparound"],"cweDetailsListForSearch":["cwe: CWE-190: Integer Overflow or Wraparound","cweUrl: https://cwe.mitre.org/data/definitions/190.html"],"mitreText":"CVE-2026-41605","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41605","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"apache","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-190: Integer Overflow or Wraparound","https://cwe.mitre.org/data/definitions/190.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-41605","version":3,"revisionDate":"2026-05-13T01:40:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"190c10b3-6c4e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-41605","version":1,"revisionDate":"2026-04-30T01:11:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"17fa2d83-3144-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-41605","version":2,"revisionDate":"2026-05-01T01:04:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8c7431b3-f944-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00009c8d8373","releaseDate":"2026-04-30T01:11:14-07:00","cveNumber":"CVE-2026-41603","cveTitle":"Apache Thrift: Java TSSLTransportFactory hostname verification","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-13T01:40:12-07:00","cweList":["CWE-297: Improper Validation of Certificate with Host Mismatch"],"cweDetailsListForSearch":["cwe: CWE-297: Improper Validation of Certificate with Host Mismatch","cweUrl: https://cwe.mitre.org/data/definitions/297.html"],"mitreText":"CVE-2026-41603","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41603","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"apache","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-297: Improper Validation of Certificate with Host Mismatch","https://cwe.mitre.org/data/definitions/297.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-41603","version":2,"revisionDate":"2026-05-13T01:40:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"562611ad-6c4e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-41603","version":1,"revisionDate":"2026-04-30T01:11:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"91d85776-3144-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000037022b16","releaseDate":"2026-04-30T01:11:04-07:00","cveNumber":"CVE-2026-41602","cveTitle":"Apache Thrift: Go TFramedTransport uint32 overflow","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-15T14:38:48-07:00","cweList":["CWE-190: Integer Overflow or Wraparound"],"cweDetailsListForSearch":["cwe: CWE-190: Integer Overflow or Wraparound","cweUrl: https://cwe.mitre.org/data/definitions/190.html"],"mitreText":"CVE-2026-41602","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41602","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"apache","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-190: Integer Overflow or Wraparound","https://cwe.mitre.org/data/definitions/190.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-41602","version":3,"revisionDate":"2026-05-13T01:40:05-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"164a45a6-6c4e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-41602","version":4,"revisionDate":"2026-05-15T14:38:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f60907c6-6b50-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-41602","version":1,"revisionDate":"2026-04-30T01:11:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7cd85776-3144-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-41602","version":2,"revisionDate":"2026-05-01T01:03:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"82fde98e-f944-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000f7c66883","releaseDate":"2026-04-30T01:10:55-07:00","cveNumber":"CVE-2025-48431","cveTitle":"Apache Thrift: Specially crafted input can crash a c_glib Thrift server with invalid pointer error.","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-13T01:39:49-07:00","cweList":["CWE-762: Mismatched Memory Management Routines"],"cweDetailsListForSearch":["cwe: CWE-762: Mismatched Memory Management Routines","cweUrl: https://cwe.mitre.org/data/definitions/762.html"],"mitreText":"CVE-2025-48431","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2025-48431","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"apache","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-762: Mismatched Memory Management Routines","https://cwe.mitre.org/data/definitions/762.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2025-48431","version":1,"revisionDate":"2026-04-30T01:10:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d348c170-3144-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2025-48431","version":2,"revisionDate":"2026-05-01T01:04:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"eb406eae-f944-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2025-48431","version":3,"revisionDate":"2026-05-13T01:39:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"48d59b9f-6c4e-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00004d752536","releaseDate":"2026-04-30T01:09:52-07:00","cveNumber":"CVE-2026-31508","cveTitle":"net: openvswitch: Avoid releasing netdev before teardown completes","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:46:44-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31508","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31508","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.8","temporalScore":"7.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","vectorStringSource":"Linux","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31508","version":1,"revisionDate":"2026-04-30T01:09:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6fc5b949-3144-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31508","version":2,"revisionDate":"2026-05-01T14:46:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"05c74e90-6c45-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000926c7f99","releaseDate":"2026-04-29T01:11:30-07:00","cveNumber":"CVE-2026-34003","cveTitle":"Xorg: xwayland: x.org x server: information exposure and denial of service via out-of-bounds memory access","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-06T14:44:12-07:00","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"mitreText":"CVE-2026-34003","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34003","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"redhat","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.8","temporalScore":"7.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","vectorStringSource":"redhat","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34003","version":2,"revisionDate":"2026-05-06T01:42:20-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e9fc6ccf-ec48-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34003","version":1,"revisionDate":"2026-04-29T01:11:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ad596355-6843-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-34003","version":3,"revisionDate":"2026-05-06T14:44:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1b8dd70b-5a49-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00005c833054","releaseDate":"2026-04-29T01:11:22-07:00","cveNumber":"CVE-2026-34001","cveTitle":"Xorg: xwayland: x.org x server: use-after-free vulnerability leads to server crash and potential memory corruption","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-06T14:44:03-07:00","cweList":["CWE-825: Expired Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-825: Expired Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/825.html"],"mitreText":"CVE-2026-34001","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34001","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"redhat","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.8","temporalScore":"7.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","vectorStringSource":"redhat","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-825: Expired Pointer Dereference","https://cwe.mitre.org/data/definitions/825.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34001","version":2,"revisionDate":"2026-05-06T01:42:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3da9d7c8-ec48-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34001","version":1,"revisionDate":"2026-04-29T01:11:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9a596355-6843-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-34001","version":3,"revisionDate":"2026-05-06T14:44:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fb11cc05-5a49-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00007b160f04","releaseDate":"2026-04-29T01:11:14-07:00","cveNumber":"CVE-2026-33999","cveTitle":"Xorg: xwayland: x.org x server: denial of service via integer underflow in xkb compatibility map handling","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-06T14:43:53-07:00","cweList":["CWE-191: Integer Underflow (Wrap or Wraparound)"],"cweDetailsListForSearch":["cwe: CWE-191: Integer Underflow (Wrap or Wraparound)","cweUrl: https://cwe.mitre.org/data/definitions/191.html"],"mitreText":"CVE-2026-33999","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33999","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"redhat","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.8","temporalScore":"7.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","vectorStringSource":"redhat","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-191: Integer Underflow (Wrap or Wraparound)","https://cwe.mitre.org/data/definitions/191.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-33999","version":2,"revisionDate":"2026-05-06T01:42:13-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"49a9d7c8-ec48-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33999","version":1,"revisionDate":"2026-04-29T01:11:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1b481e4f-6843-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-33999","version":3,"revisionDate":"2026-05-06T14:43:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"af7417ff-5949-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00003f79a74e","releaseDate":"2026-04-29T01:09:36-07:00","cveNumber":"CVE-2026-6861","cveTitle":"Emacs: emacs: memory corruption vulnerability when processing svg css","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-06T14:43:22-07:00","cweList":["CWE-193: Off-by-one Error"],"cweDetailsListForSearch":["cwe: CWE-193: Off-by-one Error","cweUrl: https://cwe.mitre.org/data/definitions/193.html"],"mitreText":"CVE-2026-6861","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6861","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"redhat","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.1","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H","vectorStringSource":"redhat","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-193: Off-by-one Error","https://cwe.mitre.org/data/definitions/193.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-6861","version":1,"revisionDate":"2026-04-29T01:09:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b3b5ba16-6843-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-6861","version":2,"revisionDate":"2026-05-04T14:42:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"be086477-c747-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-6861","version":3,"revisionDate":"2026-05-06T14:43:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2e9f7eec-5949-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000004a498d7","releaseDate":"2026-04-29T01:06:38-07:00","cveNumber":"CVE-2026-31648","cveTitle":"mm: filemap: fix nr_pages calculation overflow in filemap_map_pages()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:46:31-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31648","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31648","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.8","temporalScore":"7.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","vectorStringSource":"Linux","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31648","version":1,"revisionDate":"2026-04-29T01:06:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"019e84aa-6743-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31648","version":2,"revisionDate":"2026-04-29T14:59:17-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a3874b00-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31648","version":3,"revisionDate":"2026-05-01T14:46:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9ab8f685-6c45-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00000a4591c3","releaseDate":"2026-04-29T01:06:32-07:00","cveNumber":"CVE-2026-31563","cveTitle":"net: macb: Use dev_consume_skb_any() to free TX SKBs","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:58:53-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31563","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31563","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.5","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"Linux","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31563","version":1,"revisionDate":"2026-04-29T01:06:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"944800a4-6743-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31563","version":2,"revisionDate":"2026-04-29T14:58:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"922126ed-db43-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000c5730465","releaseDate":"2026-04-29T01:05:35-07:00","cveNumber":"CVE-2026-31661","cveTitle":"wifi: brcmsmac: Fix dma_free_coherent() size","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:46:38-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31661","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31661","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31661","version":2,"revisionDate":"2026-04-29T14:59:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c9874b00-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31661","version":3,"revisionDate":"2026-05-01T14:46:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e299448c-6c45-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31661","version":1,"revisionDate":"2026-04-29T01:05:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cd6d0685-6743-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00009b18407a","releaseDate":"2026-04-29T01:01:26-07:00","cveNumber":"CVE-2026-31689","cveTitle":"EDAC/mc: Fix error path ordering in edac_mc_alloc()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:46:18-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31689","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31689","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31689","version":1,"revisionDate":"2026-04-29T01:01:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cfab20ee-6643-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31689","version":3,"revisionDate":"2026-05-01T14:46:18-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a1f75f7f-6c45-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31689","version":2,"revisionDate":"2026-04-29T14:58:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"dcc6bdd6-db43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b3a609c4","releaseDate":"2026-04-28T07:00:42-07:00","cveNumber":"CVE-2026-6920","cveTitle":"Chromium: CVE-2026-6920 Out of bounds read in GPU","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-28T07:00:42-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6920","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6920","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
147.0.3912.8704/248/2026147.0.7727.118
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-6920","version":1,"revisionDate":"2026-04-28T07:00:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"62d0965f-3940-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-000061e8ab07","releaseDate":"2026-04-26T01:10:27-07:00","cveNumber":"CVE-2026-31656","cveTitle":"drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:44:56-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31656","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31656","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31656","version":1,"revisionDate":"2026-04-26T01:10:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9c9b23b3-0c41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31656","version":2,"revisionDate":"2026-04-27T14:39:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"790359ea-4642-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31656","version":3,"revisionDate":"2026-04-29T01:05:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"afebec73-6743-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31656","version":4,"revisionDate":"2026-04-29T14:45:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8c60ec1e-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31656","version":5,"revisionDate":"2026-05-01T14:44:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"51dbd052-6c45-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000003a498d7","releaseDate":"2026-04-26T01:09:54-07:00","cveNumber":"CVE-2026-31658","cveTitle":"net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:44:48-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31658","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31658","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31658","version":1,"revisionDate":"2026-04-26T01:09:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"48b7f69e-0c41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31658","version":1.1,"revisionDate":"2026-04-27T14:39:02-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c57541d6-4642-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31658","version":4,"revisionDate":"2026-04-29T14:45:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9e387118-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31658","version":2,"revisionDate":"2026-04-29T01:05:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bb45dc77-6743-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31658","version":3,"revisionDate":"2026-04-29T01:47:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4ab56d60-6d43-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31658","version":5,"revisionDate":"2026-05-01T14:44:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b710a44b-6c45-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000073172f4e","releaseDate":"2026-04-26T01:09:33-07:00","cveNumber":"CVE-2026-31597","cveTitle":"ocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRY","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:44:41-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31597","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31597","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31597","version":1.1,"revisionDate":"2026-04-27T14:38:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8c995ac8-4642-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31597","version":4,"revisionDate":"2026-05-01T01:01:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2424cf50-f944-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31597","version":1,"revisionDate":"2026-04-26T01:09:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f63ebb94-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31597","version":2,"revisionDate":"2026-04-29T01:47:10-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b9619c52-6d43-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31597","version":3,"revisionDate":"2026-04-29T14:45:15-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"56bc2a06-da43-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31597","version":5,"revisionDate":"2026-05-01T14:44:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8d362f44-6c45-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000f8150e7d","releaseDate":"2026-04-26T01:09:27-07:00","cveNumber":"CVE-2026-31622","cveTitle":"NFC: digital: Bounds check NFC-A cascade depth in SDD response handler","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:44:34-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31622","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31622","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31622","version":2,"revisionDate":"2026-04-27T14:38:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"defaa3c1-4642-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31622","version":1,"revisionDate":"2026-04-26T01:09:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a631f98d-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31622","version":3,"revisionDate":"2026-04-29T14:45:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"dd42bbff-d943-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31622","version":4,"revisionDate":"2026-04-30T01:10:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7363125d-3144-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31622","version":5,"revisionDate":"2026-05-01T14:44:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"80362f44-6c45-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000096d1fa4c","releaseDate":"2026-04-26T01:09:22-07:00","cveNumber":"CVE-2026-31664","cveTitle":"xfrm: clear trailing padding in build_polexpire()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:44:28-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31664","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31664","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31664","version":2,"revisionDate":"2026-04-27T14:38:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d8faa3c1-4642-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31664","version":4,"revisionDate":"2026-04-29T14:44:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a627e9f8-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31664","version":1,"revisionDate":"2026-04-26T01:09:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9f31f98d-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31664","version":3,"revisionDate":"2026-04-29T01:05:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d9296b8c-6743-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31664","version":5,"revisionDate":"2026-05-01T14:44:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"03f2443c-6c45-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00008e8ab51f","releaseDate":"2026-04-26T01:09:21-07:00","cveNumber":"CVE-2026-31673","cveTitle":"af_unix: read UNIX_DIAG_VFS data under unix_state_lock","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:46:09-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31673","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31673","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31673","version":2,"revisionDate":"2026-04-27T14:46:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d47110ef-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31673","version":3,"revisionDate":"2026-04-29T14:54:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b55dac60-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31673","version":4,"revisionDate":"2026-05-01T14:46:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"58f85279-6c45-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31673","version":1,"revisionDate":"2026-04-26T01:09:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9d31f98d-0c41-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00009e18407a","releaseDate":"2026-04-26T01:09:16-07:00","cveNumber":"CVE-2026-31659","cveTitle":"batman-adv: reject oversized global TT response buffers","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:44:21-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31659","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31659","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31659","version":1,"revisionDate":"2026-04-26T01:09:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bc5c6489-0c41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31659","version":2,"revisionDate":"2026-04-27T14:38:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f15cb3ba-4642-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31659","version":4,"revisionDate":"2026-04-29T14:44:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5127e7f2-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31659","version":5,"revisionDate":"2026-05-01T14:44:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"35eac038-6c45-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31659","version":3,"revisionDate":"2026-04-29T01:05:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c958fe7d-6743-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00009c18407a","releaseDate":"2026-04-26T01:09:15-07:00","cveNumber":"CVE-2026-31679","cveTitle":"openvswitch: validate MPLS set/set_masked payload length","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:54:40-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31679","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31679","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31679","version":1,"revisionDate":"2026-04-26T01:09:15-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ba5c6489-0c41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31679","version":1.1,"revisionDate":"2026-04-27T14:46:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ce7110ef-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31679","version":3,"revisionDate":"2026-04-29T14:54:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b832975a-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31679","version":2,"revisionDate":"2026-04-29T01:42:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"eaa069ac-6c43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00003546a2ef","releaseDate":"2026-04-26T01:09:10-07:00","cveNumber":"CVE-2026-31625","cveTitle":"HID: alps: fix NULL pointer dereference in alps_raw_event()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:44:14-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31625","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31625","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31625","version":1,"revisionDate":"2026-04-26T01:09:10-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"af862283-0c41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31625","version":2,"revisionDate":"2026-04-27T14:38:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"eb5cb3ba-4642-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31625","version":3,"revisionDate":"2026-04-29T01:04:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a22f3f4e-6743-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31625","version":4,"revisionDate":"2026-04-29T14:44:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5ef587ec-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31625","version":5,"revisionDate":"2026-05-01T14:44:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e1667234-6c45-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000095d1fa4c","releaseDate":"2026-04-26T01:09:09-07:00","cveNumber":"CVE-2026-31674","cveTitle":"netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:54:25-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31674","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31674","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31674","version":1.1,"revisionDate":"2026-04-27T14:46:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e17f79e8-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31674","version":3,"revisionDate":"2026-04-29T14:54:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4de21f4e-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31674","version":1,"revisionDate":"2026-04-26T01:09:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a6d9fd87-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31674","version":2,"revisionDate":"2026-04-29T01:42:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2e3135a5-6c43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000099d1fa4c","releaseDate":"2026-04-26T01:09:04-07:00","cveNumber":"CVE-2026-31634","cveTitle":"rxrpc: fix reference count leak in rxrpc_server_keyring()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:44:08-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31634","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31634","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31634","version":1,"revisionDate":"2026-04-26T01:09:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9f862283-0c41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31634","version":2,"revisionDate":"2026-04-27T14:38:10-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fb2884b3-4642-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31634","version":3,"revisionDate":"2026-04-29T01:04:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"890cb866-6743-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31634","version":4,"revisionDate":"2026-04-29T14:44:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"30eb0be0-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31634","version":5,"revisionDate":"2026-05-01T14:44:08-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"581c7832-6c45-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000f2150e7d","releaseDate":"2026-04-26T01:09:04-07:00","cveNumber":"CVE-2026-31682","cveTitle":"bridge: br_nd_send: linearize skb before parsing ND options","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:54:10-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31682","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31682","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31682","version":1.1,"revisionDate":"2026-04-27T14:46:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"da7f79e8-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31682","version":2,"revisionDate":"2026-04-29T01:42:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"296415a1-6c43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31682","version":1,"revisionDate":"2026-04-26T01:09:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0c050382-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31682","version":3,"revisionDate":"2026-04-29T14:54:10-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"df584b45-db43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000046752536","releaseDate":"2026-04-26T01:08:58-07:00","cveNumber":"CVE-2026-31578","cveTitle":"media: as102: fix to not free memory after the device is registered in as102_usb_probe()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:43:59-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31578","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31578","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31578","version":1,"revisionDate":"2026-04-26T01:08:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6d92a17c-0c41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31578","version":1.1,"revisionDate":"2026-04-27T14:38:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c82884b3-4642-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31578","version":2,"revisionDate":"2026-04-29T01:03:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"33faf83a-6743-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31578","version":4,"revisionDate":"2026-04-29T14:43:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5fe49fd9-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31578","version":5,"revisionDate":"2026-05-01T14:43:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ce285e2b-6c45-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31578","version":3,"revisionDate":"2026-04-29T01:46:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b11ead44-6d43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000094d1fa4c","releaseDate":"2026-04-26T01:08:57-07:00","cveNumber":"CVE-2026-31684","cveTitle":"net: sched: act_csum: validate nested VLAN headers","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:46:02-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31684","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31684","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31684","version":1,"revisionDate":"2026-04-26T01:08:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6b92a17c-0c41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31684","version":2,"revisionDate":"2026-04-27T14:46:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"263b5ee2-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31684","version":3,"revisionDate":"2026-04-29T14:53:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"adb0863b-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31684","version":4,"revisionDate":"2026-05-01T14:46:02-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"40f85279-6c45-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00000f8cd6f0","releaseDate":"2026-04-26T01:08:52-07:00","cveNumber":"CVE-2026-31586","cveTitle":"mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:43:52-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31586","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31586","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31586","version":1.1,"revisionDate":"2026-04-27T14:37:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b79dd3ac-4642-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31586","version":3,"revisionDate":"2026-04-29T14:43:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8150dcd2-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31586","version":5,"revisionDate":"2026-05-01T14:43:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c4285e2b-6c45-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31586","version":1,"revisionDate":"2026-04-26T01:08:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e06ad47b-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31586","version":2,"revisionDate":"2026-04-29T01:46:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a91ead44-6d43-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31586","version":4,"revisionDate":"2026-04-30T01:09:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"76c5b949-3144-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000c3730465","releaseDate":"2026-04-26T01:08:51-07:00","cveNumber":"CVE-2026-31681","cveTitle":"netfilter: xt_multiport: validate range encoding in checkentry","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:45:56-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31681","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31681","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31681","version":2,"revisionDate":"2026-04-27T14:46:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f91062dc-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31681","version":3,"revisionDate":"2026-04-29T14:53:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3a57fd33-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31681","version":1,"revisionDate":"2026-04-26T01:08:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"de6ad47b-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31681","version":4,"revisionDate":"2026-05-01T14:45:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"24402074-6c45-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00003d2ee008","releaseDate":"2026-04-26T01:08:46-07:00","cveNumber":"CVE-2026-31595","cveTitle":"PCI: endpoint: pci-epf-vntb: Stop cmd_handler work in epf_ntb_epc_cleanup","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:43:45-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31595","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31595","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31595","version":1,"revisionDate":"2026-04-26T01:08:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7be5a976-0c41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31595","version":2,"revisionDate":"2026-04-27T14:37:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b29dd3ac-4642-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31595","version":3,"revisionDate":"2026-04-29T14:43:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0aa9f0c8-d943-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31595","version":4,"revisionDate":"2026-05-01T14:43:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d0bcca26-6c45-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000001a498d7","releaseDate":"2026-04-26T01:08:45-07:00","cveNumber":"CVE-2026-31678","cveTitle":"openvswitch: defer tunnel netdev_put to RCU release","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:53:27-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31678","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31678","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31678","version":2,"revisionDate":"2026-04-27T14:46:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"df1062dc-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31678","version":1,"revisionDate":"2026-04-26T01:08:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"42f21374-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31678","version":3,"revisionDate":"2026-04-29T14:53:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c6ca3630-db43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000028ff5cc2","releaseDate":"2026-04-26T01:08:39-07:00","cveNumber":"CVE-2026-31680","cveTitle":"net: ipv6: flowlabel: defer exclusive option free until RCU teardown","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:53:11-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31680","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31680","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31680","version":2,"revisionDate":"2026-04-27T14:46:20-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"571aa7d5-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31680","version":1,"revisionDate":"2026-04-26T01:08:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2ef21374-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31680","version":3,"revisionDate":"2026-04-29T14:53:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f810a826-db43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000045752536","releaseDate":"2026-04-26T01:08:35-07:00","cveNumber":"CVE-2026-31588","cveTitle":"KVM: x86: Use scratch field in MMIO fragment to hold small write values","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:43:39-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31588","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31588","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31588","version":1.1,"revisionDate":"2026-04-27T14:37:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"783edba5-4642-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31588","version":3,"revisionDate":"2026-04-29T14:43:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2100a9bf-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31588","version":5,"revisionDate":"2026-05-01T14:43:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a17c7224-6c45-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31588","version":1,"revisionDate":"2026-04-26T01:08:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"049af06d-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31588","version":2,"revisionDate":"2026-04-29T01:46:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d587e637-6d43-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31588","version":4,"revisionDate":"2026-04-30T01:09:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"eb00943d-3144-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00009f18407a","releaseDate":"2026-04-26T01:08:28-07:00","cveNumber":"CVE-2026-31649","cveTitle":"net: stmmac: fix integer underflow in chain mode","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:43:32-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31649","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31649","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31649","version":1.1,"revisionDate":"2026-04-27T14:46:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"dc7f79e8-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31649","version":2,"revisionDate":"2026-04-29T01:04:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b0a3d96c-6743-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31649","version":4,"revisionDate":"2026-04-29T14:42:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"168aa4b2-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31649","version":1,"revisionDate":"2026-04-26T01:08:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f799f06d-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31649","version":3,"revisionDate":"2026-04-29T01:46:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f4c87731-6d43-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31649","version":5,"revisionDate":"2026-05-01T14:43:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9666c51e-6c45-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00005fe8ab07","releaseDate":"2026-04-26T01:08:27-07:00","cveNumber":"CVE-2026-31676","cveTitle":"rxrpc: only handle RESPONSE during service challenge","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:45:49-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31676","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31676","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31676","version":2,"revisionDate":"2026-04-27T14:46:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"86e513cf-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31676","version":3,"revisionDate":"2026-04-29T14:52:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b6559b13-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31676","version":4,"revisionDate":"2026-05-01T14:45:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3bdc336d-6c45-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31676","version":1,"revisionDate":"2026-04-26T01:08:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f599f06d-0c41-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00003046a2ef","releaseDate":"2026-04-26T01:08:22-07:00","cveNumber":"CVE-2026-31675","cveTitle":"net/sched: sch_netem: fix out-of-bounds access in packet corruption","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:52:28-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31675","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31675","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31675","version":1.1,"revisionDate":"2026-04-27T14:46:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"79e513cf-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31675","version":3,"revisionDate":"2026-04-29T14:52:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0950620c-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31675","version":1,"revisionDate":"2026-04-26T01:08:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2fbefd66-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31675","version":2,"revisionDate":"2026-04-29T01:41:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"79032392-6c43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00009d18407a","releaseDate":"2026-04-26T01:08:17-07:00","cveNumber":"CVE-2026-31669","cveTitle":"mptcp: fix slab-use-after-free in __inet_lookup_established","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:43:25-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31669","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31669","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31669","version":1.1,"revisionDate":"2026-04-27T14:46:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1d3b5ee2-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31669","version":2,"revisionDate":"2026-04-29T01:06:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b1d3039d-6743-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31669","version":4,"revisionDate":"2026-04-29T14:42:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a78ba1a5-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31669","version":1,"revisionDate":"2026-04-26T01:08:17-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1bbefd66-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31669","version":3,"revisionDate":"2026-04-29T01:45:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6deb282b-6d43-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31669","version":5,"revisionDate":"2026-04-30T01:42:17-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"dbf470d1-3544-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31669","version":6,"revisionDate":"2026-05-01T14:43:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f2b47a18-6c45-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00002f46a2ef","releaseDate":"2026-04-26T01:08:16-07:00","cveNumber":"CVE-2026-31685","cveTitle":"netfilter: ip6t_eui64: reject invalid MAC header for all packets","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:45:42-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31685","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31685","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31685","version":2,"revisionDate":"2026-04-27T14:45:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0edb30c8-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31685","version":3,"revisionDate":"2026-04-29T14:52:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fd526900-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31685","version":4,"revisionDate":"2026-05-01T14:45:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"36dc336d-6c45-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31685","version":1,"revisionDate":"2026-04-26T01:08:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"17befd66-0c41-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00003246a2ef","releaseDate":"2026-04-26T01:08:11-07:00","cveNumber":"CVE-2026-31655","cveTitle":"pmdomain: imx8mp-blk-ctrl: Keep the NOC_HDCP clock enabled","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:43:18-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31655","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31655","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31655","version":1,"revisionDate":"2026-04-26T01:08:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5f2f5a63-0c41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31655","version":3,"revisionDate":"2026-04-29T14:42:19-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ec6dea9e-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31655","version":2,"revisionDate":"2026-04-27T14:46:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1f76b2de-4742-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31655","version":4,"revisionDate":"2026-05-01T14:43:18-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"eab47a18-6c45-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000006a498d7","releaseDate":"2026-04-26T01:08:04-07:00","cveNumber":"CVE-2026-31628","cveTitle":"x86/CPU: Fix FPDSS on Zen1","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:43:12-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31628","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31628","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31628","version":1,"revisionDate":"2026-04-26T01:08:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a0ab375c-0c41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31628","version":1.1,"revisionDate":"2026-04-27T14:46:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d61062dc-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31628","version":2,"revisionDate":"2026-04-29T01:04:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"19e7845a-6743-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31628","version":5,"revisionDate":"2026-05-01T14:43:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b86f210f-6c45-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31628","version":3,"revisionDate":"2026-04-29T01:45:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1fd6f920-6d43-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31628","version":4,"revisionDate":"2026-04-29T14:42:05-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"163c449a-d943-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000a118407a","releaseDate":"2026-04-26T01:07:45-07:00","cveNumber":"CVE-2026-31629","cveTitle":"nfc: llcp: add missing return after LLCP_CLOSED checks","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:43:05-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31629","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31629","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31629","version":1.1,"revisionDate":"2026-04-27T14:46:05-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7ee513cf-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31629","version":2,"revisionDate":"2026-04-29T01:04:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"21e7845a-6743-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31629","version":3,"revisionDate":"2026-04-29T01:45:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7da0371d-6d43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31629","version":6,"revisionDate":"2026-05-01T14:43:05-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b26f210f-6c45-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31629","version":1,"revisionDate":"2026-04-26T01:07:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e5352252-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31629","version":4,"revisionDate":"2026-04-29T14:41:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3e6e477e-d943-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31629","version":5,"revisionDate":"2026-04-30T01:41:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fa55a3b7-3544-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d15b427e","releaseDate":"2026-04-26T01:07:39-07:00","cveNumber":"CVE-2026-31591","cveTitle":"KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:41:14-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31591","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31591","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31591","version":1.1,"revisionDate":"2026-04-27T14:46:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"72e513cf-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31591","version":1,"revisionDate":"2026-04-26T01:07:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d4352252-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31591","version":2,"revisionDate":"2026-04-29T14:41:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"679e4f76-d943-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000a018407a","releaseDate":"2026-04-26T01:07:33-07:00","cveNumber":"CVE-2026-31639","cveTitle":"rxrpc: Fix key reference count leak from call->key","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:42:57-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31639","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31639","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31639","version":2,"revisionDate":"2026-04-27T14:45:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f0da30c8-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31639","version":3,"revisionDate":"2026-04-29T14:40:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"101f096d-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31639","version":4,"revisionDate":"2026-05-01T14:42:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"85a75c06-6c45-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31639","version":1,"revisionDate":"2026-04-26T01:07:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3ca3054c-0c41-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000002a498d7","releaseDate":"2026-04-26T01:07:28-07:00","cveNumber":"CVE-2026-31668","cveTitle":"seg6: separate dst_cache for input and output paths in seg6 lwtunnel","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:42:51-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31668","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31668","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31668","version":1,"revisionDate":"2026-04-26T01:07:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"57c45348-0c41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31668","version":2,"revisionDate":"2026-04-27T14:45:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e9da30c8-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31668","version":4,"revisionDate":"2026-04-29T14:40:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f9cf5866-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31668","version":3,"revisionDate":"2026-04-29T01:06:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"87e4d898-6743-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31668","version":5,"revisionDate":"2026-05-01T14:42:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"85700808-6c45-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000fc5c53aa","releaseDate":"2026-04-26T01:07:22-07:00","cveNumber":"CVE-2026-31657","cveTitle":"batman-adv: hold claim backbone gateways by reference","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:42:44-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31657","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31657","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31657","version":1.1,"revisionDate":"2026-04-27T14:45:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ea215dc1-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31657","version":2,"revisionDate":"2026-04-29T01:05:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b9ebec73-6743-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31657","version":3,"revisionDate":"2026-04-29T01:45:20-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1f045f15-6d43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31657","version":4,"revisionDate":"2026-04-29T14:40:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b50ac35f-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31657","version":5,"revisionDate":"2026-05-01T14:42:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d9623bfe-6b45-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31657","version":1,"revisionDate":"2026-04-26T01:07:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b0e1ef43-0c41-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000cb730465","releaseDate":"2026-04-26T01:07:10-07:00","cveNumber":"CVE-2026-31601","cveTitle":"vfio/xe: Reorganize the init to decouple migration from reset","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:40:06-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31601","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31601","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31601","version":2,"revisionDate":"2026-04-27T14:45:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0d8e4abb-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31601","version":1,"revisionDate":"2026-04-26T01:07:10-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4f94863d-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31601","version":3,"revisionDate":"2026-04-29T14:40:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4e26ba4e-d943-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000f4150e7d","releaseDate":"2026-04-26T01:06:57-07:00","cveNumber":"CVE-2026-31662","cveTitle":"tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:42:37-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31662","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31662","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31662","version":1.1,"revisionDate":"2026-04-27T14:45:18-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a2a605b5-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31662","version":5,"revisionDate":"2026-05-01T14:42:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d2623bfe-6b45-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31662","version":1,"revisionDate":"2026-04-26T01:06:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1af16f37-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31662","version":2,"revisionDate":"2026-04-29T01:05:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cf6d0685-6743-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31662","version":3,"revisionDate":"2026-04-29T01:45:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"11861e08-6d43-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31662","version":4,"revisionDate":"2026-04-29T14:39:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4b896e3c-d943-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000074172f4e","releaseDate":"2026-04-26T01:06:50-07:00","cveNumber":"CVE-2026-31587","cveTitle":"ASoC: qcom: q6apm: move component registration to unmanaged version","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:42:31-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31587","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31587","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31587","version":1,"revisionDate":"2026-04-26T01:06:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e07d4a34-0c41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31587","version":1.1,"revisionDate":"2026-04-27T14:45:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"665057ae-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31587","version":4,"revisionDate":"2026-05-01T14:42:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d79406f8-6b45-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31587","version":2,"revisionDate":"2026-04-29T01:44:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d1cf2702-6d43-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31587","version":3,"revisionDate":"2026-04-29T14:39:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bbe3be35-d943-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000a318407a","releaseDate":"2026-04-26T01:06:38-07:00","cveNumber":"CVE-2026-31609","cveTitle":"smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T01:02:29-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31609","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31609","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31609","version":1,"revisionDate":"2026-04-26T01:06:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"aaf0cd2d-0c41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31609","version":1.1,"revisionDate":"2026-04-27T14:45:01-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"841455a8-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31609","version":2,"revisionDate":"2026-04-29T14:38:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9702bf2a-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31609","version":3,"revisionDate":"2026-04-30T14:38:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6304a140-a244-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31609","version":4,"revisionDate":"2026-05-01T01:02:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c6937f6c-f944-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000f9150e7d","releaseDate":"2026-04-26T01:06:27-07:00","cveNumber":"CVE-2026-31612","cveTitle":"ksmbd: validate EaNameLength in smb2_get_ea()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:42:24-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31612","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31612","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31612","version":1.1,"revisionDate":"2026-04-27T14:44:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4bd75ca2-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31612","version":3,"revisionDate":"2026-04-29T15:01:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5e05b53e-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31612","version":4,"revisionDate":"2026-05-01T01:02:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"68c81c77-f944-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31612","version":5,"revisionDate":"2026-05-01T14:42:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cc9406f8-6b45-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31612","version":1,"revisionDate":"2026-04-26T01:06:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"297b5b23-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31612","version":2,"revisionDate":"2026-04-29T01:44:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"808b01fa-6c43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000938ab51f","releaseDate":"2026-04-26T01:06:21-07:00","cveNumber":"CVE-2026-31623","cveTitle":"net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:42:17-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31623","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31623","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31623","version":1.1,"revisionDate":"2026-04-27T14:44:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"40d75ca2-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31623","version":3,"revisionDate":"2026-04-29T15:01:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0301a538-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31623","version":1,"revisionDate":"2026-04-26T01:06:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1a7b5b23-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31623","version":2,"revisionDate":"2026-04-29T01:44:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7b8b01fa-6c43-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31623","version":4,"revisionDate":"2026-04-30T01:07:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"98bbe0e9-3044-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31623","version":5,"revisionDate":"2026-05-01T14:42:17-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4420a9ef-6b45-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d8a287ab","releaseDate":"2026-04-26T01:06:15-07:00","cveNumber":"CVE-2026-31594","cveTitle":"PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:42:10-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31594","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31594","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31594","version":2,"revisionDate":"2026-04-27T14:44:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1fb8f29b-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31594","version":3,"revisionDate":"2026-04-29T15:00:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e500a538-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31594","version":1,"revisionDate":"2026-04-26T01:06:15-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fd0f1a1d-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31594","version":4,"revisionDate":"2026-05-01T14:42:10-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3d20a9ef-6b45-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000c4730465","releaseDate":"2026-04-26T01:05:57-07:00","cveNumber":"CVE-2026-31671","cveTitle":"xfrm_user: fix info leak in build_report()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:42:03-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31671","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31671","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31671","version":1,"revisionDate":"2026-04-26T01:05:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a9207310-0c41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31671","version":2,"revisionDate":"2026-04-27T14:44:23-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c4138e8f-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31671","version":4,"revisionDate":"2026-04-29T15:00:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"21c69d2c-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31671","version":3,"revisionDate":"2026-04-29T01:06:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"90fbdc9e-6743-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31671","version":5,"revisionDate":"2026-05-01T14:42:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ded754e9-6b45-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000ff5c53aa","releaseDate":"2026-04-26T01:05:51-07:00","cveNumber":"CVE-2026-31627","cveTitle":"i2c: s3c24xx: check the size of the SMBUS message before using it","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:41:56-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31627","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31627","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31627","version":1.1,"revisionDate":"2026-04-27T14:44:17-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ae138e8f-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31627","version":2,"revisionDate":"2026-04-29T01:04:19-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b9c56554-6743-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31627","version":4,"revisionDate":"2026-04-29T15:00:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"70d98c26-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31627","version":5,"revisionDate":"2026-05-01T14:41:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fcbc97e1-6b45-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31627","version":1,"revisionDate":"2026-04-26T01:05:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a115d30e-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31627","version":3,"revisionDate":"2026-04-29T01:44:07-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"02355bea-6c43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000030ff5cc2","releaseDate":"2026-04-26T01:05:45-07:00","cveNumber":"CVE-2026-31600","cveTitle":"arm64: mm: Handle invalid large leaf mappings correctly","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T15:00:22-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31600","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31600","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31600","version":3,"revisionDate":"2026-04-29T15:00:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a5e47d20-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31600","version":1,"revisionDate":"2026-04-26T01:05:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b6974f08-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31600","version":2,"revisionDate":"2026-04-27T14:44:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"67e03a8e-4742-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000069924b17","releaseDate":"2026-04-26T01:05:40-07:00","cveNumber":"CVE-2026-32147","cveTitle":"SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T01:40:02-07:00","cweList":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"cweDetailsListForSearch":["cwe: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","cweUrl: https://cwe.mitre.org/data/definitions/22.html"],"mitreText":"CVE-2026-32147","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32147","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"EEF","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","https://cwe.mitre.org/data/definitions/22.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-32147","version":1,"revisionDate":"2026-04-26T01:05:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"61bf0f0a-0c41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-32147","version":2,"revisionDate":"2026-04-27T14:44:01-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6e7d5788-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-32147","version":3,"revisionDate":"2026-04-29T01:40:02-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c52f6654-6c43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000f6150e7d","releaseDate":"2026-04-26T01:05:39-07:00","cveNumber":"CVE-2026-31642","cveTitle":"rxrpc: Fix call removal to use RCU safe deletion","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:41:49-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31642","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31642","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31642","version":1.1,"revisionDate":"2026-04-27T14:44:05-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"767d5788-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31642","version":2,"revisionDate":"2026-04-29T01:04:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a8a3d96c-6743-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31642","version":3,"revisionDate":"2026-04-29T01:43:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"dafc16e2-6c43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31642","version":4,"revisionDate":"2026-04-29T15:00:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7de47d20-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31642","version":1,"revisionDate":"2026-04-26T01:05:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a2974f08-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31642","version":5,"revisionDate":"2026-05-01T14:41:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bf30d7e1-6b45-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000ca730465","releaseDate":"2026-04-26T01:05:33-07:00","cveNumber":"CVE-2026-31611","cveTitle":"ksmbd: require 3 sub-authorities before reading sub_auth[2]","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:41:43-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31611","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31611","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31611","version":1.1,"revisionDate":"2026-04-27T14:44:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"52fb4282-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31611","version":3,"revisionDate":"2026-04-29T15:00:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b73d9419-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31611","version":4,"revisionDate":"2026-05-01T01:02:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f32ccf70-f944-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31611","version":5,"revisionDate":"2026-05-01T14:41:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"428a89db-6b45-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31611","version":1,"revisionDate":"2026-04-26T01:05:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d07c3f02-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31611","version":2,"revisionDate":"2026-04-29T01:43:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"907c7cda-6c43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000008a498d7","releaseDate":"2026-04-26T01:05:27-07:00","cveNumber":"CVE-2026-31608","cveTitle":"smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-02T01:42:00-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31608","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31608","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31608","version":1.1,"revisionDate":"2026-04-27T14:43:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"47fb4282-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31608","version":2,"revisionDate":"2026-04-29T14:59:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f4b9dc12-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31608","version":4,"revisionDate":"2026-05-01T01:02:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b2466866-f944-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31608","version":5,"revisionDate":"2026-05-02T01:42:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c909ea18-c845-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31608","version":1,"revisionDate":"2026-04-26T01:05:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b97c3f02-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31608","version":3,"revisionDate":"2026-04-30T14:38:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9a492441-a244-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000fec9a362","releaseDate":"2026-04-26T01:05:18-07:00","cveNumber":"CVE-2026-23414","cveTitle":"tls: Purge async_hold in tls_decrypt_async_wait()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:48:15-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-23414","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-23414","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-23414","version":2,"revisionDate":"2026-04-27T14:43:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5421337c-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23414","version":3,"revisionDate":"2026-04-29T14:48:15-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7b85fa73-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23414","version":1,"revisionDate":"2026-04-26T01:05:18-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9e4dc8fa-0b41-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000958ab51f","releaseDate":"2026-04-26T01:05:17-07:00","cveNumber":"CVE-2026-31603","cveTitle":"staging: sm750fb: fix division by zero in ps_to_hz()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:41:36-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31603","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31603","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31603","version":3,"revisionDate":"2026-04-29T14:59:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c3b9dc12-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31603","version":5,"revisionDate":"2026-05-01T14:41:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"318a89db-6b45-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31603","version":1,"revisionDate":"2026-04-26T01:05:17-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"994dc8fa-0b41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31603","version":2,"revisionDate":"2026-04-27T14:43:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6ed1cd80-4742-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31603","version":4,"revisionDate":"2026-05-01T01:02:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"183b4d5e-f944-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000029ff5cc2","releaseDate":"2026-04-26T01:05:06-07:00","cveNumber":"CVE-2026-31670","cveTitle":"net: rfkill: prevent unlimited numbers of rfkill events from being created","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-01T14:41:29-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31670","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31670","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31670","version":1,"revisionDate":"2026-04-26T01:05:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ba2996f6-0b41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31670","version":2,"revisionDate":"2026-04-27T14:43:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3a6c6275-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31670","version":3,"revisionDate":"2026-04-29T01:06:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b4d3039d-6743-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31670","version":4,"revisionDate":"2026-04-29T14:59:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b7f37806-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31670","version":5,"revisionDate":"2026-05-01T14:41:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f9fac9d1-6b45-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000b8f81604","releaseDate":"2026-04-26T01:05:06-07:00","cveNumber":"CVE-2026-23360","cveTitle":"nvme: fix admin queue leak on controller reset","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:47:46-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-23360","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-23360","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-23360","version":2,"revisionDate":"2026-04-27T14:43:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"326c6275-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23360","version":1,"revisionDate":"2026-04-26T01:05:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c0e66cf4-0b41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-23360","version":3,"revisionDate":"2026-04-29T14:47:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0caaee5e-da43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000044752536","releaseDate":"2026-04-26T01:05:00-07:00","cveNumber":"CVE-2026-31598","cveTitle":"ocfs2: fix possible deadlock between unlink and dio_end_io_write","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-02T01:41:49-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31598","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31598","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31598","version":1,"revisionDate":"2026-04-26T01:05:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"922b60f0-0b41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31598","version":2,"revisionDate":"2026-04-27T14:43:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2f6c6275-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31598","version":3,"revisionDate":"2026-04-29T14:59:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8df37806-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31598","version":5,"revisionDate":"2026-05-01T14:41:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f4fac9d1-6b45-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31598","version":4,"revisionDate":"2026-05-01T01:01:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e141de55-f944-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31598","version":6,"revisionDate":"2026-05-02T01:41:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"44961d13-c845-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00005bb4601d","releaseDate":"2026-04-26T01:05:00-07:00","cveNumber":"CVE-2026-41411","cveTitle":"Vim: Command injection via backtick expansion in tag filenames","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T01:39:36-07:00","cweList":["CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"],"cweDetailsListForSearch":["cwe: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","cweUrl: https://cwe.mitre.org/data/definitions/78.html"],"mitreText":"CVE-2026-41411","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41411","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.6","temporalScore":"6.6","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","https://cwe.mitre.org/data/definitions/78.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-41411","version":2,"revisionDate":"2026-04-27T14:43:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3342136f-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-41411","version":3,"revisionDate":"2026-04-29T01:06:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"15f8fbb6-6743-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-41411","version":1,"revisionDate":"2026-04-26T01:05:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ce0a59ee-0b41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-41411","version":4,"revisionDate":"2026-04-29T01:39:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6ad4d545-6c43-f111-93fa-000d3afbc7d7"}]}],"@odata.nextLink":"https://api.msrc.microsoft.com/sug/v2.0/sugodata/v2.0/us-EN/vulnerability?$skip=500"}