Report Name: Microsoft Patch Tuesday, March 2026Generated: 2026-03-11 12:26:33
| Product Name | Prevalence | U | C | H | M | L | A | Comment |
|---|---|---|---|---|---|---|---|---|
| Windows Kernel | 0.9 | 3 | 3 | Windows Kernel | ||||
| Windows Win32k | 0.9 | 1 | 1 | The Win32k.sys driver is the kernel side of some core parts of the Windows subsystem. Its main functionality is the GUI of Windows; it's responsible for window management. | ||||
| ASP.NET Core | 0.8 | 1 | 1 | An open-source, server-side web-application framework designed for web development | ||||
| GDI+ | 0.8 | 1 | 1 | GDI+ | ||||
| Hybrid Worker Extension (Arc‑enabled Windows VMs) | 0.8 | 1 | 1 | Windows component | ||||
| Microsoft Brokering File System | 0.8 | 1 | 1 | The Microsoft Brokering File System (BFS) is a Windows component designed to act as an intermediary for file access in isolated (sandboxed) Win32 applications | ||||
| Microsoft Office | 0.8 | 2 | 1 | 3 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer | |||
| Performance Counters for Windows | 0.8 | 1 | 1 | Windows component | ||||
| Windows Accessibility Infrastructure (ATBroker.exe) | 0.8 | 2 | 2 | Windows component | ||||
| Windows Admin Center in Azure Portal | 0.8 | 1 | 1 | Windows component | ||||
| Windows Ancillary Function Driver for WinSock | 0.8 | 4 | 4 | Windows component | ||||
| Windows App Installer | 0.8 | 1 | 1 | Windows component | ||||
| Windows Authentication | 0.8 | 1 | 1 | Windows component | ||||
| Windows Bluetooth RFCOM Protocol Driver | 0.8 | 1 | 1 | Windows component | ||||
| Windows Connected Devices Platform Service | 0.8 | 1 | 1 | Windows component | ||||
| Windows DWM Core Library | 0.8 | 1 | 1 | Windows component | ||||
| Windows Device Association Service | 0.8 | 2 | 2 | Windows component | ||||
| Windows Extensible File Allocation Table | 0.8 | 1 | 1 | Windows component | ||||
| Windows Graphics Component | 0.8 | 4 | 4 | Windows component | ||||
| Windows Kerberos | 0.8 | 1 | 1 | Windows component | ||||
| Windows Mobile Broadband Driver | 0.8 | 1 | 1 | Windows component | ||||
| Windows NTFS | 0.8 | 1 | 1 | The default file system of the Windows NT family | ||||
| Windows Print Spooler | 0.8 | 1 | 1 | Windows component | ||||
| Windows Projected File System | 0.8 | 1 | 1 | Windows component | ||||
| Windows Resilient File System (ReFS) | 0.8 | 1 | 1 | Windows component | ||||
| Windows Routing and Remote Access Service (RRAS) | 0.8 | 3 | 3 | Windows component | ||||
| Windows SMB Server | 0.8 | 2 | 2 | Windows component | ||||
| Windows Shell Link Processing | 0.8 | 1 | 1 | Windows component | ||||
| Windows System Image Manager Assessment and Deployment Kit (ADK) | 0.8 | 1 | 1 | Windows component | ||||
| Windows Telephony Service | 0.8 | 1 | 1 | Windows component | ||||
| Windows Universal Disk Format File System Driver (UDFS) | 0.8 | 1 | 1 | Windows component | ||||
| .NET | 0.7 | 2 | 2 | .NET | ||||
| Microsoft Excel | 0.6 | 5 | 5 | MS Office product | ||||
| Windows Hyper-V | 0.6 | 1 | 1 | Hardware virtualization component of the client editions of Windows NT | ||||
| Active Directory Domain Services | 0.5 | 1 | 1 | Active Directory Domain Services | ||||
| Arc Enabled Servers - Azure Connected Machine Agent | 0.5 | 1 | 1 | Arc Enabled Servers - Azure Connected Machine Agent | ||||
| Azure IOT Explorer | 0.5 | 1 | 1 | Azure IOT Explorer | ||||
| Azure IoT Explorer | 0.5 | 3 | 3 | Azure IoT Explorer | ||||
| Azure MCP Server Tools | 0.5 | 1 | 1 | Azure MCP Server Tools | ||||
| Broadcast DVR | 0.5 | 1 | 1 | Broadcast DVR | ||||
| GDI | 0.5 | 1 | 1 | GDI | ||||
| GitHub: Zero Shot SCFoundation | 0.5 | 1 | 1 | GitHub: Zero Shot SCFoundation | ||||
| Linux Azure Diagnostic extension (LAD) | 0.5 | 1 | 1 | Linux Azure Diagnostic extension (LAD) | ||||
| MapUrlToZone | 0.5 | 1 | 1 | MapUrlToZone | ||||
| Microsoft Authenticator | 0.5 | 1 | 1 | Microsoft Authenticator | ||||
| Microsoft Azure AD SSH Login extension for Linux | 0.5 | 1 | 1 | Microsoft Azure AD SSH Login extension for Linux | ||||
| Microsoft SharePoint Server | 0.5 | 3 | 3 | Microsoft SharePoint Server | ||||
| Multiple UNC Provider Kernel Driver | 0.5 | 1 | 1 | Multiple UNC Provider Kernel Driver | ||||
| Push message Routing Service | 0.5 | 1 | 1 | Push message Routing Service | ||||
| SQL Server | 0.5 | 3 | 3 | SQL Server | ||||
| System Center Operations Manager (SCOM) | 0.5 | 1 | 1 | System Center Operations Manager (SCOM) | ||||
| Winlogon | 0.5 | 1 | 1 | Winlogon | ||||
| semantic_kernel | 0.5 | 1 | 1 | Product detected by a:microsoft:semantic_kernel (does NOT exist in CPE dict) |
| Vulnerability Type | Criticality | U | C | H | M | L | A |
|---|---|---|---|---|---|---|---|
| Remote Code Execution | 1.0 | 8 | 9 | 17 | |||
| Security Feature Bypass | 0.9 | 2 | 2 | ||||
| Elevation of Privilege | 0.85 | 1 | 43 | 44 | |||
| Information Disclosure | 0.83 | 8 | 8 | ||||
| Denial of Service | 0.7 | 4 | 4 | ||||
| Spoofing | 0.4 | 4 | 4 |
| Source | U | C | H | M | L | A |
|---|---|---|---|---|---|---|
| Qualys | 2 | 9 | 11 | |||
| Tenable | 3 | 9 | 12 | |||
| Rapid7 | 3 | 3 | ||||
| ZDI | 3 | 2 | 5 |
1. 
Remote Code Execution - Windows Print Spooler (CVE-2026-23669) - High [419]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
ZDI: CVE-2026-23669 - Windows Print Spooler Remote Code Execution Vulnerability. Just reading the title makes me twitch with remembrances of Print Nightmare from a few years ago. This bug works in the same manner as those exploits. An authenticated attacker sends specially crafted messages to an affected system to gain arbitrary code execution. No user interaction is required. Let’s hope we don’t end up in a new nightmare of spooler exploits. Test and deploy this one quickly.
2. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2026-25172) - High [419]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
3. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2026-26111) - High [419]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
4. 
Elevation of Privilege - Microsoft Azure AD SSH Login extension for Linux (CVE-2026-26148) - High [411]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.4 | 17 | The existence of a private exploit is mentioned on Microsoft:PrivateExploit:PoC website | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Microsoft Azure AD SSH Login extension for Linux | |
| 0.8 | 10 | CVSS Base Score is 8.1. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
5. Remote Code Execution - Microsoft Office (CVE-2026-26110) - High [407]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer | |
| 0.8 | 10 | CVSS Base Score is 8.4. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2026-26110: Microsoft Office Remote Code Execution Vulnerability A type confusion flaw in Microsoft Office could allow an unauthenticated attacker to achieve remote code execution.
Tenable: CVE-2026-26110 and CVE-2026-26113 | Microsoft Office Remote Code Execution Vulnerability
Tenable: CVE-2026-26110 and CVE-2026-26113 are RCE vulnerabilities affecting Microsoft Office. Both received CVSSv3 scores of 8.4 and were rated as critical. A local, unauthenticated attacker could exploit these vulnerabilities to achieve local code execution. Microsoft notes that the preview pane is an attack vector for these flaws and both CVEs were assessed as “Exploitation Less Likely.”
ZDI: CVE-2026-26110/CVE-2026-26113 - Microsoft Office Remote Code Execution Vulnerability. Another month and another pair of Office bugs where the Preview Pane is an exploit vector. I’ve lost count of how many of these bugs have been patched over the last year, but it’s just a matter of time until they start appearing in active exploits. The latest versions of Outlook allow you to hide the Preview Pane, but it isn’t clear if this would mitigate these attacks. The best option is still to test and deploy the update, but considering how many of these patches exist, it’s likely further updates will be needed to fully address these issues.
6. Remote Code Execution - Microsoft Office (CVE-2026-26113) - High [407]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer | |
| 0.8 | 10 | CVSS Base Score is 8.4. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2026-26113: Microsoft Office Remote Code Execution Vulnerability An untrusted pointer dereference flaw in Microsoft Office could allow an unauthenticated attacker to achieve remote code execution.
Tenable: CVE-2026-26110 and CVE-2026-26113 | Microsoft Office Remote Code Execution Vulnerability
Tenable: CVE-2026-26110 and CVE-2026-26113 are RCE vulnerabilities affecting Microsoft Office. Both received CVSSv3 scores of 8.4 and were rated as critical. A local, unauthenticated attacker could exploit these vulnerabilities to achieve local code execution. Microsoft notes that the preview pane is an attack vector for these flaws and both CVEs were assessed as “Exploitation Less Likely.”
ZDI: CVE-2026-26110/CVE-2026-26113 - Microsoft Office Remote Code Execution Vulnerability. Another month and another pair of Office bugs where the Preview Pane is an exploit vector. I’ve lost count of how many of these bugs have been patched over the last year, but it’s just a matter of time until they start appearing in active exploits. The latest versions of Outlook allow you to hide the Preview Pane, but it isn’t clear if this would mitigate these attacks. The best option is still to test and deploy the update, but considering how many of these patches exist, it’s likely further updates will be needed to fully address these issues.
7. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2026-25173) - High [407]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 8.0. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
8. Remote Code Execution - Windows System Image Manager Assessment and Deployment Kit (ADK) (CVE-2026-25166) - High [407]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
9. Remote Code Execution - semantic_kernel (CVE-2026-26030) - High [404]
Description: Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Product detected by a:microsoft:semantic_kernel (does NOT exist in CPE dict) | |
| 1.0 | 10 | CVSS Base Score is 9.9. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00086, EPSS Percentile is 0.247 |
Tenable: Microsoft patched 83 CVEs in its March 2026 Patch Tuesday release, with eight rated critical and 75 rated as important. Our counts omitted one CVE (CVE-2026-26030) assigned by GitHub.
10. Elevation of Privilege - Windows Kernel (CVE-2026-24287) - Medium [397]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.9 | 14 | Windows Kernel | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: CVE-2026-24287, CVE-2026-24289 and CVE-2026-26132 | Windows Kernel Elevation of Privilege Vulnerability
Tenable: CVE-2026-24287, CVE-2026-24289 and CVE-2026-26132 are EoP vulnerabilities in the Windows Kernel. Each was assigned CVSSv3 scores of 7.8 and rated important. A local, authenticated attacker could exploit these vulnerabilities in order to gain SYSTEM privileges. While Microsoft reports no evidence of exploitation, it did assess CVE-2026-24289 and CVE-2026-26132 as “Exploitation More Likely.” Including these three CVEs, six EoPs affecting Windows Kernel have been patched so far in 2026.
11. Elevation of Privilege - Windows Kernel (CVE-2026-24289) - Medium [397]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.9 | 14 | Windows Kernel | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2026-23668 is an elevation-of-privilege vulnerability in the Windows Graphics Component. Upon successful exploitation of the vulnerability, an attacker could gain administrator privileges. CVE-2026-24289 and CVE-2026-26132 are elevation-of-privilege vulnerabilities in the Windows Kernel. A use-after-free flaw may allow an authenticated attacker to gain SYSTEM privileges. CVE-2026-24291 is an elevation-of-privilege vulnerability in the Windows Accessibility Infrastructure. Upon successful exploitation of the vulnerability, an authenticated attacker could gain SYSTEM privileges. CVE-2026-24294 is an elevation-of-privilege vulnerability in Windows SMB Server. Successful exploitation of the vulnerability may allow an authenticated attacker to gain SYSTEM privilege. CVE-2026-25187 is an elevation-of-privilege vulnerability in Winlogon. Upon successful exploitation of the vulnerability, an authenticated attacker could gain SYSTEM privileges.
Tenable: CVE-2026-24287, CVE-2026-24289 and CVE-2026-26132 | Windows Kernel Elevation of Privilege Vulnerability
Tenable: CVE-2026-24287, CVE-2026-24289 and CVE-2026-26132 are EoP vulnerabilities in the Windows Kernel. Each was assigned CVSSv3 scores of 7.8 and rated important. A local, authenticated attacker could exploit these vulnerabilities in order to gain SYSTEM privileges. While Microsoft reports no evidence of exploitation, it did assess CVE-2026-24289 and CVE-2026-26132 as “Exploitation More Likely.” Including these three CVEs, six EoPs affecting Windows Kernel have been patched so far in 2026.
12. Elevation of Privilege - Windows Kernel (CVE-2026-26132) - Medium [397]
Description: Use after free in
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.9 | 14 | Windows Kernel | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2026-23668 is an elevation-of-privilege vulnerability in the Windows Graphics Component. Upon successful exploitation of the vulnerability, an attacker could gain administrator privileges. CVE-2026-24289 and CVE-2026-26132 are elevation-of-privilege vulnerabilities in the Windows Kernel. A use-after-free flaw may allow an authenticated attacker to gain SYSTEM privileges. CVE-2026-24291 is an elevation-of-privilege vulnerability in the Windows Accessibility Infrastructure. Upon successful exploitation of the vulnerability, an authenticated attacker could gain SYSTEM privileges. CVE-2026-24294 is an elevation-of-privilege vulnerability in Windows SMB Server. Successful exploitation of the vulnerability may allow an authenticated attacker to gain SYSTEM privilege. CVE-2026-25187 is an elevation-of-privilege vulnerability in Winlogon. Upon successful exploitation of the vulnerability, an authenticated attacker could gain SYSTEM privileges.
Tenable: CVE-2026-24287, CVE-2026-24289 and CVE-2026-26132 | Windows Kernel Elevation of Privilege Vulnerability
Tenable: CVE-2026-24287, CVE-2026-24289 and CVE-2026-26132 are EoP vulnerabilities in the Windows Kernel. Each was assigned CVSSv3 scores of 7.8 and rated important. A local, authenticated attacker could exploit these vulnerabilities in order to gain SYSTEM privileges. While Microsoft reports no evidence of exploitation, it did assess CVE-2026-24289 and CVE-2026-26132 as “Exploitation More Likely.” Including these three CVEs, six EoPs affecting Windows Kernel have been patched so far in 2026.
13. Remote Code Execution - Windows Mobile Broadband Driver (CVE-2026-24288) - Medium [395]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 6.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
14. Elevation of Privilege - Windows Telephony Service (CVE-2026-25188) - Medium [392]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
15. Elevation of Privilege - Windows Win32k (CVE-2026-24285) - Medium [385]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.9 | 14 | The Win32k.sys driver is the kernel side of some core parts of the Windows subsystem. Its main functionality is the GUI of Windows; it's responsible for window management. | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
16. Elevation of Privilege - Hybrid Worker Extension (Arc‑enabled Windows VMs) (CVE-2026-26141) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
17. Elevation of Privilege - Microsoft Office (CVE-2026-26134) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
18. Elevation of Privilege - Performance Counters for Windows (CVE-2026-25165) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
19. Elevation of Privilege - Windows Accessibility Infrastructure (ATBroker.exe) (CVE-2026-24291) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2026-23668 is an elevation-of-privilege vulnerability in the Windows Graphics Component. Upon successful exploitation of the vulnerability, an attacker could gain administrator privileges. CVE-2026-24289 and CVE-2026-26132 are elevation-of-privilege vulnerabilities in the Windows Kernel. A use-after-free flaw may allow an authenticated attacker to gain SYSTEM privileges. CVE-2026-24291 is an elevation-of-privilege vulnerability in the Windows Accessibility Infrastructure. Upon successful exploitation of the vulnerability, an authenticated attacker could gain SYSTEM privileges. CVE-2026-24294 is an elevation-of-privilege vulnerability in Windows SMB Server. Successful exploitation of the vulnerability may allow an authenticated attacker to gain SYSTEM privilege. CVE-2026-25187 is an elevation-of-privilege vulnerability in Winlogon. Upon successful exploitation of the vulnerability, an authenticated attacker could gain SYSTEM privileges.
20. Elevation of Privilege - Windows Admin Center in Azure Portal (CVE-2026-23660) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
21. Elevation of Privilege - Windows Ancillary Function Driver for WinSock (CVE-2026-24293) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
22. Elevation of Privilege - Windows Ancillary Function Driver for WinSock (CVE-2026-25176) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
23. Elevation of Privilege - Windows Connected Devices Platform Service (CVE-2026-24292) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
24. Elevation of Privilege - Windows DWM Core Library (CVE-2026-25189) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
25. Elevation of Privilege - Windows Extensible File Allocation Table (CVE-2026-25174) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
26. Elevation of Privilege - Windows NTFS (CVE-2026-25175) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | The default file system of the Windows NT family | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
27. Elevation of Privilege - Windows Projected File System (CVE-2026-24290) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
28. Elevation of Privilege - Windows Resilient File System (ReFS) (CVE-2026-23673) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
29. Elevation of Privilege - Windows SMB Server (CVE-2026-24294) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2026-23668 is an elevation-of-privilege vulnerability in the Windows Graphics Component. Upon successful exploitation of the vulnerability, an attacker could gain administrator privileges. CVE-2026-24289 and CVE-2026-26132 are elevation-of-privilege vulnerabilities in the Windows Kernel. A use-after-free flaw may allow an authenticated attacker to gain SYSTEM privileges. CVE-2026-24291 is an elevation-of-privilege vulnerability in the Windows Accessibility Infrastructure. Upon successful exploitation of the vulnerability, an authenticated attacker could gain SYSTEM privileges. CVE-2026-24294 is an elevation-of-privilege vulnerability in Windows SMB Server. Successful exploitation of the vulnerability may allow an authenticated attacker to gain SYSTEM privilege. CVE-2026-25187 is an elevation-of-privilege vulnerability in Winlogon. Upon successful exploitation of the vulnerability, an authenticated attacker could gain SYSTEM privileges.
30. Elevation of Privilege - Windows SMB Server (CVE-2026-26128) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
31. Elevation of Privilege - Windows Universal Disk Format File System Driver (UDFS) (CVE-2026-23672) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
32. 
Security Feature Bypass - Windows Kerberos (CVE-2026-24297) - Medium [377]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
33. 
Information Disclosure - GDI+ (CVE-2026-25181) - Medium [376]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | GDI+ | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
34. Remote Code Execution - Microsoft Excel (CVE-2026-26107) - Medium [373]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.6 | 14 | MS Office product | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
35. Remote Code Execution - Microsoft Excel (CVE-2026-26108) - Medium [373]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.6 | 14 | MS Office product | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
36. Remote Code Execution - Microsoft Excel (CVE-2026-26109) - Medium [373]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.6 | 14 | MS Office product | |
| 0.8 | 10 | CVSS Base Score is 8.4. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
37. Remote Code Execution - Microsoft Excel (CVE-2026-26112) - Medium [373]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.6 | 14 | MS Office product | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
38. Remote Code Execution - GitHub: Zero Shot SCFoundation (CVE-2026-23654) - Medium [369]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | GitHub: Zero Shot SCFoundation | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
39. Remote Code Execution - Microsoft SharePoint Server (CVE-2026-26106) - Medium [369]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft SharePoint Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
40. Remote Code Execution - Microsoft SharePoint Server (CVE-2026-26114) - Medium [369]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft SharePoint Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
41. Elevation of Privilege - Microsoft Brokering File System (CVE-2026-25167) - Medium [368]
Description: Use after free in
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | The Microsoft Brokering File System (BFS) is a Windows component designed to act as an intermediary for file access in isolated (sandboxed) Win32 applications | |
| 0.7 | 10 | CVSS Base Score is 7.4. According to NVD data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
42. Elevation of Privilege - Windows Ancillary Function Driver for WinSock (CVE-2026-25178) - Medium [368]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
43. Elevation of Privilege - Windows Ancillary Function Driver for WinSock (CVE-2026-25179) - Medium [368]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
44. Elevation of Privilege - Windows Authentication (CVE-2026-25171) - Medium [368]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
45. Elevation of Privilege - Windows Bluetooth RFCOM Protocol Driver (CVE-2026-23671) - Medium [368]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
46. Elevation of Privilege - Windows Device Association Service (CVE-2026-24295) - Medium [368]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
47. Elevation of Privilege - Windows Device Association Service (CVE-2026-24296) - Medium [368]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
48. Elevation of Privilege - Windows Graphics Component (CVE-2026-23668) - Medium [368]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2026-23668 is an elevation-of-privilege vulnerability in the Windows Graphics Component. Upon successful exploitation of the vulnerability, an attacker could gain administrator privileges. CVE-2026-24289 and CVE-2026-26132 are elevation-of-privilege vulnerabilities in the Windows Kernel. A use-after-free flaw may allow an authenticated attacker to gain SYSTEM privileges. CVE-2026-24291 is an elevation-of-privilege vulnerability in the Windows Accessibility Infrastructure. Upon successful exploitation of the vulnerability, an authenticated attacker could gain SYSTEM privileges. CVE-2026-24294 is an elevation-of-privilege vulnerability in Windows SMB Server. Successful exploitation of the vulnerability may allow an authenticated attacker to gain SYSTEM privilege. CVE-2026-25187 is an elevation-of-privilege vulnerability in Winlogon. Upon successful exploitation of the vulnerability, an authenticated attacker could gain SYSTEM privileges.
ZDI: CVE-2026-23668 - Windows Graphics Component Elevation of Privilege Vulnerability. This vulnerability was submitted to the ZDI program by Marcin Wiązowski as two separate bugs, and it demonstrates the need for variant investigations when creating security patches. Both cases are caused by the lack of proper locking when performing operations on an object. However, in one case, it’s in the cdd.dll driver while the other is in the win32kfull driver. Either way, an attacker could use these to elevate privileges to SYSTEM and execute arbitrary code. Since the fix for both is to add object locking to the GDI object, the cases are combined into a single CVE. That’s not a problem, but it does show how variants can occur, and fixes should be as broad as possible.
49. Elevation of Privilege - .NET (CVE-2026-26131) - Medium [363]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.7 | 14 | .NET | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: .NET updates this month also include patches to address CVE-2026-26131, an important severity EoP vulnerability for.NET 10 installations on Linux.
50. Remote Code Execution - GDI (CVE-2026-25190) - Medium [357]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | GDI | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
51. 
Denial of Service - ASP.NET Core (CVE-2026-26130) - Medium [353]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.8 | 14 | An open-source, server-side web-application framework designed for web development | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
52. Information Disclosure - Windows Accessibility Infrastructure (ATBroker.exe) (CVE-2026-25186) - Medium [352]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
53. Information Disclosure - Windows Graphics Component (CVE-2026-25180) - Medium [352]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
54. Information Disclosure - Microsoft Excel (CVE-2026-26144) - Medium [343]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.6 | 14 | MS Office product | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2026-26144: Microsoft Excel Information Disclosure Vulnerability An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.
ZDI: CVE-2026-26144 - Microsoft Excel Information Disclosure Vulnerability. This is a fascinating bug and an attack scenario we’re likely to see more often. The vulnerability is a simple cross-site scripting (XSS) bug in Excel, but an attacker could use it to cause the Copilot Agent to exfiltrate data off the target. This essentially makes it a zero-click information disclosure. Although not stated, the disclosure is likely at the level of the logged-on user, so there isn’t a privilege escalation component. Info disclosures rarely get rated Critical, but it makes sense here.
55. Elevation of Privilege - Active Directory Domain Services (CVE-2026-25177) - Medium [342]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Active Directory Domain Services | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
56. Elevation of Privilege - Azure MCP Server Tools (CVE-2026-26118) - Medium [342]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Azure MCP Server Tools | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: CVE-2026-26118 | Azure MCP Server Tools Elevation of Privilege Vulnerability
Tenable: CVE-2026-26118 is an EoP vulnerability in Azure Model Context Protocol (MCP) Server. An attacker could exploit this vulnerability by sending a crafted input to a vulnerable Azure MCP Server that accepts user-provided parameters. Successful exploitation would grant an attacker to elevate privileges using an obtained managed identity token.
57. Elevation of Privilege - Multiple UNC Provider Kernel Driver (CVE-2026-24283) - Medium [342]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Multiple UNC Provider Kernel Driver | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
58. Elevation of Privilege - SQL Server (CVE-2026-21262) - Medium [342]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2026-21262: SQL Server Elevation of Privilege Vulnerability SQL Server is Microsoft’s relational database management system (RDBMS) for storing, managing, and retrieving data in enterprise environments. An improper access control flaw in SQL Server may allow an authenticated attacker to elevate their privileges across the network. Upon successful exploitation of the vulnerability, an attacker could gain SQL sysadmin privileges.
Tenable: Microsoft’s March 2026 Patch Tuesday Addresses 83 CVEs (CVE-2026-21262, CVE-2026-26127)
Tenable: CVE-2026-21262, CVE-2026-26115 and CVE-2026-26116 | SQL Server Elevation of Privilege Vulnerability
Tenable: CVE-2026-21262, CVE-2026-26115 and CVE-2026-26116 are EoP vulnerabilities affecting Microsoft SQL Server. Each of these flaws received a CVSSv3 score of 8.8 and were rated as important. While each of these were assessed as “Exploitation Less Likely” according to Microsoft’s Exploitability Index, CVE-2026-21262 was publicly disclosed as a zero-day. While no exploitation has been reported by Microsoft, a successful exploit of any one of these three flaws would result in an attacker gaining SQL sysadmin privileges.
Rapid7: SQL Server often goes several months in a row without any mention on Patch Tuesday. Today, however, all versions from the latest and greatest SQL Server 2025 back as far as SQL Server 2016 SP3 receive patches for CVE-2026-21262, a SQL Server elevation of privilege vulnerability. This isn’t just any elevation of privilege vulnerability, either; the advisory notes that an authorized attacker can elevate privileges to sysadmin over a network. The CVSS v3 base score of 8.8 is just below the threshold for critical severity, since low-level privileges are required.
Rapid7: Anyone paying for Extended Security Updates (ESU) for SQL Server 2014 or SQL Server 2012 may be forgiven for wondering why there’s no security update for those venerable versions of the world’s most widely deployed closed-source database product. We can hope that the vulnerability described by CVE-2026-21262 was introduced in newer codebases only.
59. Elevation of Privilege - SQL Server (CVE-2026-26115) - Medium [342]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: CVE-2026-21262, CVE-2026-26115 and CVE-2026-26116 | SQL Server Elevation of Privilege Vulnerability
Tenable: CVE-2026-21262, CVE-2026-26115 and CVE-2026-26116 are EoP vulnerabilities affecting Microsoft SQL Server. Each of these flaws received a CVSSv3 score of 8.8 and were rated as important. While each of these were assessed as “Exploitation Less Likely” according to Microsoft’s Exploitability Index, CVE-2026-21262 was publicly disclosed as a zero-day. While no exploitation has been reported by Microsoft, a successful exploit of any one of these three flaws would result in an attacker gaining SQL sysadmin privileges.
60. Elevation of Privilege - SQL Server (CVE-2026-26116) - Medium [342]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: CVE-2026-21262, CVE-2026-26115 and CVE-2026-26116 | SQL Server Elevation of Privilege Vulnerability
Tenable: CVE-2026-21262, CVE-2026-26115 and CVE-2026-26116 are EoP vulnerabilities affecting Microsoft SQL Server. Each of these flaws received a CVSSv3 score of 8.8 and were rated as important. While each of these were assessed as “Exploitation Less Likely” according to Microsoft’s Exploitability Index, CVE-2026-21262 was publicly disclosed as a zero-day. While no exploitation has been reported by Microsoft, a successful exploit of any one of these three flaws would result in an attacker gaining SQL sysadmin privileges.
61. Elevation of Privilege - System Center Operations Manager (SCOM) (CVE-2026-20967) - Medium [342]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | System Center Operations Manager (SCOM) | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
62. Security Feature Bypass - MapUrlToZone (CVE-2026-23674) - Medium [339]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.5 | 14 | MapUrlToZone | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
63. Denial of Service - .NET (CVE-2026-26127) - Medium [336]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.7 | 14 | .NET | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2026-26127: .NET Denial of Service Vulnerability A .NET out-of-bounds read flaw could allow an unauthenticated attacker to launch a denial-of-service attack.
Tenable: Microsoft’s March 2026 Patch Tuesday Addresses 83 CVEs (CVE-2026-21262, CVE-2026-26127)
Tenable: CVE-2026-26127 |.NET Denial of Service Vulnerability
Tenable: CVE-2026-26127 is a denial of service (DoS) vulnerability affecting.NET 9.0 and 10.0 on Windows, Mac OS and Linux. It received a CVSSv3 score of 7.5 and was rated as important. According to Microsoft, this vulnerability was publicly disclosed prior to patches being made available. Although it was publicly disclosed, Microsoft assesses that exploitation is unlikely for this DoS vulnerability.
Rapid7: Attackers fond of low-effort denial of service attacks against .NET applications will be checking out CVE-2026-26127 today. Microsoft is aware of public disclosure. While the immediate impact of exploitation is likely contained to denial of service by triggering a crash, opportunities for other types of attacks might emerge during a service reboot. Alternatively, if a log forwarder or security agent is impacted, even for a brief period of time, an attacker might carry out an attack in that moment hoping to evade detection under cover of this artificial darkness. Even if a low-skilled attacker simply causes downtime, in some contexts that could be enough to cause an SLA breach or loss of revenue, or at the very least cause a bleary-eyed defender to get paged in the middle of the night.
64. Elevation of Privilege - Windows Hyper-V (CVE-2026-25170) - Medium [335]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.6 | 14 | Hardware virtualization component of the client editions of Windows NT | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
65. Elevation of Privilege - Arc Enabled Servers - Azure Connected Machine Agent (CVE-2026-26117) - Medium [330]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Arc Enabled Servers - Azure Connected Machine Agent | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
66. Elevation of Privilege - Linux Azure Diagnostic extension (LAD) (CVE-2026-23665) - Medium [330]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Linux Azure Diagnostic extension (LAD) | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
67. Elevation of Privilege - Winlogon (CVE-2026-25187) - Medium [330]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Winlogon | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2026-23668 is an elevation-of-privilege vulnerability in the Windows Graphics Component. Upon successful exploitation of the vulnerability, an attacker could gain administrator privileges. CVE-2026-24289 and CVE-2026-26132 are elevation-of-privilege vulnerabilities in the Windows Kernel. A use-after-free flaw may allow an authenticated attacker to gain SYSTEM privileges. CVE-2026-24291 is an elevation-of-privilege vulnerability in the Windows Accessibility Infrastructure. Upon successful exploitation of the vulnerability, an authenticated attacker could gain SYSTEM privileges. CVE-2026-24294 is an elevation-of-privilege vulnerability in Windows SMB Server. Successful exploitation of the vulnerability may allow an authenticated attacker to gain SYSTEM privilege. CVE-2026-25187 is an elevation-of-privilege vulnerability in Winlogon. Upon successful exploitation of the vulnerability, an authenticated attacker could gain SYSTEM privileges.
68. Denial of Service - Windows Graphics Component (CVE-2026-25168) - Medium [329]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.8 | 14 | Windows component | |
| 0.6 | 10 | CVSS Base Score is 6.2. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
69. Denial of Service - Windows Graphics Component (CVE-2026-25169) - Medium [329]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.8 | 14 | Windows component | |
| 0.6 | 10 | CVSS Base Score is 6.2. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
70. Information Disclosure - Azure IoT Explorer (CVE-2026-23661) - Medium [326]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.5 | 14 | Azure IoT Explorer | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
71. Information Disclosure - Azure IoT Explorer (CVE-2026-23662) - Medium [326]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.5 | 14 | Azure IoT Explorer | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
72. Information Disclosure - Azure IoT Explorer (CVE-2026-23664) - Medium [326]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.5 | 14 | Azure IoT Explorer | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
73. Elevation of Privilege - Broadcast DVR (CVE-2026-23667) - Medium [318]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Broadcast DVR | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
74. Elevation of Privilege - Push message Routing Service (CVE-2026-24282) - Medium [306]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Push message Routing Service | |
| 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
75. Information Disclosure - Microsoft Authenticator (CVE-2026-26123) - Medium [302]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.5 | 14 | Microsoft Authenticator | |
| 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Rapid7: Microsoft Authenticator mobile app users on both iOS and Android should update to the latest version to prevent exploitation of CVE-2026-26123, which involves a malicious app disguising itself as Microsoft Authenticator. Exploitation succeeds when the malicious app receives enough information to impersonate the user. The legitimate Authenticator app could be installed on a personal device, but often provides multi-factor authentication (MFA) codes for production services in a bring-your-own-device context. Typically, users can choose their own authenticator app. Accordingly, defenders should consider how well their mobile device management policy covers app choice enforcement and patching for MFA apps.
76. 
Spoofing - Windows App Installer (CVE-2026-23656) - Medium [276]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.4 | 15 | Spoofing | |
| 0.8 | 14 | Windows component | |
| 0.6 | 10 | CVSS Base Score is 5.9. According to NVD data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
77. Spoofing - Windows Shell Link Processing (CVE-2026-25185) - Medium [264]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.4 | 15 | Spoofing | |
| 0.8 | 14 | Windows component | |
| 0.5 | 10 | CVSS Base Score is 5.3. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
78. Spoofing - Azure IOT Explorer (CVE-2026-26121) - Medium [250]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.4 | 15 | Spoofing | |
| 0.5 | 14 | Azure IOT Explorer | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
79. Spoofing - Microsoft SharePoint Server (CVE-2026-26105) - Medium [250]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.4 | 15 | Spoofing | |
| 0.5 | 14 | Microsoft SharePoint Server | |
| 0.8 | 10 | CVSS Base Score is 8.1. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Remote Code Execution (17)ZDI: CVE-2026-23669 - Windows Print Spooler Remote Code Execution Vulnerability. Just reading the title makes me twitch with remembrances of Print Nightmare from a few years ago. This bug works in the same manner as those exploits. An authenticated attacker sends specially crafted messages to an affected system to gain arbitrary code execution. No user interaction is required. Let’s hope we don’t end up in a new nightmare of spooler exploits. Test and deploy this one quickly.
Qualys: CVE-2026-26113: Microsoft Office Remote Code Execution Vulnerability An untrusted pointer dereference flaw in Microsoft Office could allow an unauthenticated attacker to achieve remote code execution.
Qualys: CVE-2026-26110: Microsoft Office Remote Code Execution Vulnerability A type confusion flaw in Microsoft Office could allow an unauthenticated attacker to achieve remote code execution.
Tenable: CVE-2026-26110 and CVE-2026-26113 | Microsoft Office Remote Code Execution Vulnerability
Tenable: CVE-2026-26110 and CVE-2026-26113 are RCE vulnerabilities affecting Microsoft Office. Both received CVSSv3 scores of 8.4 and were rated as critical. A local, unauthenticated attacker could exploit these vulnerabilities to achieve local code execution. Microsoft notes that the preview pane is an attack vector for these flaws and both CVEs were assessed as “Exploitation Less Likely.”
ZDI: CVE-2026-26110/CVE-2026-26113 - Microsoft Office Remote Code Execution Vulnerability. Another month and another pair of Office bugs where the Preview Pane is an exploit vector. I’ve lost count of how many of these bugs have been patched over the last year, but it’s just a matter of time until they start appearing in active exploits. The latest versions of Outlook allow you to hide the Preview Pane, but it isn’t clear if this would mitigate these attacks. The best option is still to test and deploy the update, but considering how many of these patches exist, it’s likely further updates will be needed to fully address these issues.
Tenable: Microsoft patched 83 CVEs in its March 2026 Patch Tuesday release, with eight rated critical and 75 rated as important. Our counts omitted one CVE (CVE-2026-26030) assigned by GitHub.
Elevation of Privilege (44)Qualys: Other Microsoft Vulnerability Highlights CVE-2026-23668 is an elevation-of-privilege vulnerability in the Windows Graphics Component. Upon successful exploitation of the vulnerability, an attacker could gain administrator privileges. CVE-2026-24289 and CVE-2026-26132 are elevation-of-privilege vulnerabilities in the Windows Kernel. A use-after-free flaw may allow an authenticated attacker to gain SYSTEM privileges. CVE-2026-24291 is an elevation-of-privilege vulnerability in the Windows Accessibility Infrastructure. Upon successful exploitation of the vulnerability, an authenticated attacker could gain SYSTEM privileges. CVE-2026-24294 is an elevation-of-privilege vulnerability in Windows SMB Server. Successful exploitation of the vulnerability may allow an authenticated attacker to gain SYSTEM privilege. CVE-2026-25187 is an elevation-of-privilege vulnerability in Winlogon. Upon successful exploitation of the vulnerability, an authenticated attacker could gain SYSTEM privileges.
Tenable: CVE-2026-24287, CVE-2026-24289 and CVE-2026-26132 | Windows Kernel Elevation of Privilege Vulnerability
Tenable: CVE-2026-24287, CVE-2026-24289 and CVE-2026-26132 are EoP vulnerabilities in the Windows Kernel. Each was assigned CVSSv3 scores of 7.8 and rated important. A local, authenticated attacker could exploit these vulnerabilities in order to gain SYSTEM privileges. While Microsoft reports no evidence of exploitation, it did assess CVE-2026-24289 and CVE-2026-26132 as “Exploitation More Likely.” Including these three CVEs, six EoPs affecting Windows Kernel have been patched so far in 2026.
Qualys: Other Microsoft Vulnerability Highlights CVE-2026-23668 is an elevation-of-privilege vulnerability in the Windows Graphics Component. Upon successful exploitation of the vulnerability, an attacker could gain administrator privileges. CVE-2026-24289 and CVE-2026-26132 are elevation-of-privilege vulnerabilities in the Windows Kernel. A use-after-free flaw may allow an authenticated attacker to gain SYSTEM privileges. CVE-2026-24291 is an elevation-of-privilege vulnerability in the Windows Accessibility Infrastructure. Upon successful exploitation of the vulnerability, an authenticated attacker could gain SYSTEM privileges. CVE-2026-24294 is an elevation-of-privilege vulnerability in Windows SMB Server. Successful exploitation of the vulnerability may allow an authenticated attacker to gain SYSTEM privilege. CVE-2026-25187 is an elevation-of-privilege vulnerability in Winlogon. Upon successful exploitation of the vulnerability, an authenticated attacker could gain SYSTEM privileges.
Qualys: Other Microsoft Vulnerability Highlights CVE-2026-23668 is an elevation-of-privilege vulnerability in the Windows Graphics Component. Upon successful exploitation of the vulnerability, an attacker could gain administrator privileges. CVE-2026-24289 and CVE-2026-26132 are elevation-of-privilege vulnerabilities in the Windows Kernel. A use-after-free flaw may allow an authenticated attacker to gain SYSTEM privileges. CVE-2026-24291 is an elevation-of-privilege vulnerability in the Windows Accessibility Infrastructure. Upon successful exploitation of the vulnerability, an authenticated attacker could gain SYSTEM privileges. CVE-2026-24294 is an elevation-of-privilege vulnerability in Windows SMB Server. Successful exploitation of the vulnerability may allow an authenticated attacker to gain SYSTEM privilege. CVE-2026-25187 is an elevation-of-privilege vulnerability in Winlogon. Upon successful exploitation of the vulnerability, an authenticated attacker could gain SYSTEM privileges.
Qualys: Other Microsoft Vulnerability Highlights CVE-2026-23668 is an elevation-of-privilege vulnerability in the Windows Graphics Component. Upon successful exploitation of the vulnerability, an attacker could gain administrator privileges. CVE-2026-24289 and CVE-2026-26132 are elevation-of-privilege vulnerabilities in the Windows Kernel. A use-after-free flaw may allow an authenticated attacker to gain SYSTEM privileges. CVE-2026-24291 is an elevation-of-privilege vulnerability in the Windows Accessibility Infrastructure. Upon successful exploitation of the vulnerability, an authenticated attacker could gain SYSTEM privileges. CVE-2026-24294 is an elevation-of-privilege vulnerability in Windows SMB Server. Successful exploitation of the vulnerability may allow an authenticated attacker to gain SYSTEM privilege. CVE-2026-25187 is an elevation-of-privilege vulnerability in Winlogon. Upon successful exploitation of the vulnerability, an authenticated attacker could gain SYSTEM privileges.
ZDI: CVE-2026-23668 - Windows Graphics Component Elevation of Privilege Vulnerability. This vulnerability was submitted to the ZDI program by Marcin Wiązowski as two separate bugs, and it demonstrates the need for variant investigations when creating security patches. Both cases are caused by the lack of proper locking when performing operations on an object. However, in one case, it’s in the cdd.dll driver while the other is in the win32kfull driver. Either way, an attacker could use these to elevate privileges to SYSTEM and execute arbitrary code. Since the fix for both is to add object locking to the GDI object, the cases are combined into a single CVE. That’s not a problem, but it does show how variants can occur, and fixes should be as broad as possible.
Tenable: .NET updates this month also include patches to address CVE-2026-26131, an important severity EoP vulnerability for.NET 10 installations on Linux.
Tenable: CVE-2026-26118 | Azure MCP Server Tools Elevation of Privilege Vulnerability
Tenable: CVE-2026-26118 is an EoP vulnerability in Azure Model Context Protocol (MCP) Server. An attacker could exploit this vulnerability by sending a crafted input to a vulnerable Azure MCP Server that accepts user-provided parameters. Successful exploitation would grant an attacker to elevate privileges using an obtained managed identity token.
Qualys: CVE-2026-21262: SQL Server Elevation of Privilege Vulnerability SQL Server is Microsoft’s relational database management system (RDBMS) for storing, managing, and retrieving data in enterprise environments. An improper access control flaw in SQL Server may allow an authenticated attacker to elevate their privileges across the network. Upon successful exploitation of the vulnerability, an attacker could gain SQL sysadmin privileges.
Tenable: Microsoft’s March 2026 Patch Tuesday Addresses 83 CVEs (CVE-2026-21262, CVE-2026-26127)
Tenable: CVE-2026-21262, CVE-2026-26115 and CVE-2026-26116 | SQL Server Elevation of Privilege Vulnerability
Tenable: CVE-2026-21262, CVE-2026-26115 and CVE-2026-26116 are EoP vulnerabilities affecting Microsoft SQL Server. Each of these flaws received a CVSSv3 score of 8.8 and were rated as important. While each of these were assessed as “Exploitation Less Likely” according to Microsoft’s Exploitability Index, CVE-2026-21262 was publicly disclosed as a zero-day. While no exploitation has been reported by Microsoft, a successful exploit of any one of these three flaws would result in an attacker gaining SQL sysadmin privileges.
Rapid7: SQL Server often goes several months in a row without any mention on Patch Tuesday. Today, however, all versions from the latest and greatest SQL Server 2025 back as far as SQL Server 2016 SP3 receive patches for CVE-2026-21262, a SQL Server elevation of privilege vulnerability. This isn’t just any elevation of privilege vulnerability, either; the advisory notes that an authorized attacker can elevate privileges to sysadmin over a network. The CVSS v3 base score of 8.8 is just below the threshold for critical severity, since low-level privileges are required.
Rapid7: Anyone paying for Extended Security Updates (ESU) for SQL Server 2014 or SQL Server 2012 may be forgiven for wondering why there’s no security update for those venerable versions of the world’s most widely deployed closed-source database product. We can hope that the vulnerability described by CVE-2026-21262 was introduced in newer codebases only.
Qualys: Other Microsoft Vulnerability Highlights CVE-2026-23668 is an elevation-of-privilege vulnerability in the Windows Graphics Component. Upon successful exploitation of the vulnerability, an attacker could gain administrator privileges. CVE-2026-24289 and CVE-2026-26132 are elevation-of-privilege vulnerabilities in the Windows Kernel. A use-after-free flaw may allow an authenticated attacker to gain SYSTEM privileges. CVE-2026-24291 is an elevation-of-privilege vulnerability in the Windows Accessibility Infrastructure. Upon successful exploitation of the vulnerability, an authenticated attacker could gain SYSTEM privileges. CVE-2026-24294 is an elevation-of-privilege vulnerability in Windows SMB Server. Successful exploitation of the vulnerability may allow an authenticated attacker to gain SYSTEM privilege. CVE-2026-25187 is an elevation-of-privilege vulnerability in Winlogon. Upon successful exploitation of the vulnerability, an authenticated attacker could gain SYSTEM privileges.
Security Feature Bypass (2)Information Disclosure (8)Qualys: CVE-2026-26144: Microsoft Excel Information Disclosure Vulnerability An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.
ZDI: CVE-2026-26144 - Microsoft Excel Information Disclosure Vulnerability. This is a fascinating bug and an attack scenario we’re likely to see more often. The vulnerability is a simple cross-site scripting (XSS) bug in Excel, but an attacker could use it to cause the Copilot Agent to exfiltrate data off the target. This essentially makes it a zero-click information disclosure. Although not stated, the disclosure is likely at the level of the logged-on user, so there isn’t a privilege escalation component. Info disclosures rarely get rated Critical, but it makes sense here.
Rapid7: Microsoft Authenticator mobile app users on both iOS and Android should update to the latest version to prevent exploitation of CVE-2026-26123, which involves a malicious app disguising itself as Microsoft Authenticator. Exploitation succeeds when the malicious app receives enough information to impersonate the user. The legitimate Authenticator app could be installed on a personal device, but often provides multi-factor authentication (MFA) codes for production services in a bring-your-own-device context. Typically, users can choose their own authenticator app. Accordingly, defenders should consider how well their mobile device management policy covers app choice enforcement and patching for MFA apps.
Denial of Service (4)Qualys: CVE-2026-26127: .NET Denial of Service Vulnerability A .NET out-of-bounds read flaw could allow an unauthenticated attacker to launch a denial-of-service attack.
Tenable: Microsoft’s March 2026 Patch Tuesday Addresses 83 CVEs (CVE-2026-21262, CVE-2026-26127)
Tenable: CVE-2026-26127 |.NET Denial of Service Vulnerability
Tenable: CVE-2026-26127 is a denial of service (DoS) vulnerability affecting.NET 9.0 and 10.0 on Windows, Mac OS and Linux. It received a CVSSv3 score of 7.5 and was rated as important. According to Microsoft, this vulnerability was publicly disclosed prior to patches being made available. Although it was publicly disclosed, Microsoft assesses that exploitation is unlikely for this DoS vulnerability.
Rapid7: Attackers fond of low-effort denial of service attacks against .NET applications will be checking out CVE-2026-26127 today. Microsoft is aware of public disclosure. While the immediate impact of exploitation is likely contained to denial of service by triggering a crash, opportunities for other types of attacks might emerge during a service reboot. Alternatively, if a log forwarder or security agent is impacted, even for a brief period of time, an attacker might carry out an attack in that moment hoping to evade detection under cover of this artificial darkness. Even if a low-skilled attacker simply causes downtime, in some contexts that could be enough to cause an SLA breach or loss of revenue, or at the very least cause a bleary-eyed defender to get paged in the middle of the night.
Spoofing (4)