Report Name: Microsoft Patch Tuesday, May 2026Generated: 2026-05-19 10:35:02
| Product Name | Prevalence | U | C | H | M | L | A | Comment |
|---|---|---|---|---|---|---|---|---|
| AMD Processor | 0.9 | 1 | 1 | Processor | ||||
| Windows Kernel | 0.9 | 1 | 2 | 3 | Windows Kernel | |||
| Windows SMB Client | 0.9 | 1 | 1 | Windows component | ||||
| Windows TCP/IP | 0.9 | 6 | 3 | 9 | Windows component | |||
| Windows TCP/IP Driver | 0.9 | 1 | 1 | A kernel mode driver | ||||
| Windows Win32k | 0.9 | 4 | 3 | 7 | The Win32k.sys driver is the kernel side of some core parts of the Windows subsystem. Its main functionality is the GUI of Windows; it's responsible for window management. | |||
| .NET Core | 0.8 | 1 | 1 | .NET Core | ||||
| ASP.NET Core | 0.8 | 1 | 1 | An open-source, server-side web-application framework designed for web development | ||||
| Microsoft Cryptographic Services | 0.8 | 1 | 1 | he Cryptographic Services is a Microsoft Windows feature that encrypts and decrypts data on storage devices when they are accessed | ||||
| Microsoft Office | 0.8 | 3 | 1 | 4 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer | |||
| Secure Boot | 0.8 | 1 | 1 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | ||||
| Windows 11 Telnet Client | 0.8 | 1 | 1 | Windows component | ||||
| Windows Admin Center | 0.8 | 1 | 1 | Windows component | ||||
| Windows Admin Center in Azure Portal | 0.8 | 1 | 1 | Windows component | ||||
| Windows Ancillary Function Driver for WinSock | 0.8 | 2 | 2 | 4 | Windows component | |||
| Windows Application Identity (AppID) Subsystem | 0.8 | 1 | 1 | Windows component | ||||
| Windows Cloud Files Mini Filter Driver | 0.8 | 1 | 2 | 3 | Windows component | |||
| Windows Common Log File System Driver | 0.8 | 2 | 2 | Common Log File System is a general-purpose logging subsystem that is accessible to both kernel-mode as well as user-mode applications for building high-performance transaction logs | ||||
| Windows DNS Client | 0.8 | 1 | 1 | Windows component | ||||
| Windows DWM Core Library | 0.8 | 2 | 1 | 3 | Windows component | |||
| Windows Event Logging Service | 0.8 | 1 | 1 | Windows component | ||||
| Windows Filtering Platform (WFP) | 0.8 | 1 | 1 | Windows component | ||||
| Windows GDI | 0.8 | 1 | 1 | Windows component | ||||
| Windows Graphics Component | 0.8 | 1 | 1 | Windows component | ||||
| Windows Kernel-Mode Driver | 0.8 | 1 | 1 | Windows component | ||||
| Windows Lightweight Directory Access Protocol (LDAP) | 0.8 | 1 | 1 | Windows component | ||||
| Windows Link-Layer Discovery Protocol (LLDP) | 0.8 | 1 | 1 | Windows component | ||||
| Windows Message Queuing (MSMQ) | 0.8 | 1 | 1 | Windows component | ||||
| Windows Native WiFi Miniport Driver | 0.8 | 1 | 1 | Windows component | ||||
| Windows Netlogon | 0.8 | 1 | 1 | Windows component | ||||
| Windows Print Spooler | 0.8 | 1 | 1 | Windows component | ||||
| Windows Projected File System | 0.8 | 1 | 1 | Windows component | ||||
| Windows Remote Desktop Services | 0.8 | 1 | 1 | Remote Desktop Services, known as Terminal Services in Windows Server 2008 and earlier, is one of the components of Microsoft Windows that allow a user to initiate and control an interactive session on a remote computer or virtual machine over a network connection | ||||
| Windows Rich Text Edit | 0.8 | 2 | 2 | Windows component | ||||
| Windows Storage Spaces Controller | 0.8 | 1 | 1 | Windows component | ||||
| Windows Storport Miniport Driver | 0.8 | 1 | 1 | Windows component | ||||
| Windows TCP/IP Local | 0.8 | 1 | 1 | Windows component | ||||
| Windows Telephony Service | 0.8 | 2 | 1 | 3 | Windows component | |||
| Windows Volume Manager Extension Driver | 0.8 | 1 | 1 | Windows component | ||||
| Windows WAN ARP Driver | 0.8 | 1 | 1 | Windows component | ||||
| .NET | 0.7 | 2 | 2 | .NET | ||||
| Microsoft Excel | 0.6 | 3 | 3 | MS Office product | ||||
| Microsoft Word | 0.6 | 1 | 5 | 6 | Microsoft Word is a widely used commercial word processor developed by Microsoft. It is a component of the Microsoft Office suite of productivity software but can also be purchased as a standalone product. | |||
| Windows Hyper-V | 0.6 | 1 | 1 | Hardware virtualization component of the client editions of Windows NT | ||||
| Azure Connected Machine Agent | 0.5 | 1 | 1 | Azure Connected Machine Agent | ||||
| Azure Logic Apps | 0.5 | 1 | 1 | Azure Logic Apps | ||||
| Azure Machine Learning Notebook | 0.5 | 1 | 1 | Azure Machine Learning Notebook | ||||
| Azure Monitor Agent | 0.5 | 1 | 1 | Azure Monitor Agent | ||||
| Azure Monitor Agent Metrics Extension | 0.5 | 1 | 1 | Azure Monitor Agent Metrics Extension | ||||
| Azure SDK for Java | 0.5 | 1 | 1 | Azure SDK for Java | ||||
| Data Deduplication | 0.5 | 1 | 1 | Data Deduplication | ||||
| GitHub Copilot and Visual Studio Code | 0.5 | 1 | 1 | GitHub Copilot and Visual Studio Code | ||||
| Internet Key Exchange (IKE) Protocol | 0.5 | 1 | 1 | Internet Key Exchange (IKE) Protocol | ||||
| M365 Copilot for Desktop | 0.5 | 1 | 1 | M365 Copilot for Desktop | ||||
| Microsoft 365 Copilot for Android | 0.5 | 1 | 1 | Microsoft 365 Copilot for Android | ||||
| Microsoft Data Formulator | 0.5 | 1 | 1 | Microsoft Data Formulator | ||||
| Microsoft Dynamics 365 Business Central | 0.5 | 1 | 1 | Microsoft Dynamics 365 Business Central | ||||
| Microsoft Dynamics 365 On-Premises | 0.5 | 2 | 2 | Microsoft Dynamics 365 On-Premises | ||||
| Microsoft Message Queuing (MSMQ) | 0.5 | 1 | 1 | Microsoft Message Queuing (MSMQ) | ||||
| Microsoft Office Click-To-Run | 0.5 | 4 | 4 | Microsoft Office Click-To-Run | ||||
| Microsoft Outlook for iOS | 0.5 | 1 | 1 | Microsoft Outlook for iOS | ||||
| Microsoft Power Automate Desktop | 0.5 | 1 | 1 | Microsoft Power Automate Desktop | ||||
| Microsoft PowerPoint for Android | 0.5 | 1 | 1 | Microsoft PowerPoint for Android | ||||
| Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability. Microsoft SSO Plugin for Jira & Confluence | 0.5 | 1 | 1 | Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability. Microsoft SSO Plugin for Jira & Confluence | ||||
| Microsoft SharePoint Server | 0.5 | 5 | 1 | 6 | Microsoft SharePoint Server | |||
| Microsoft Teams | 0.5 | 1 | 1 | Microsoft Teams | ||||
| Microsoft Word for Android | 0.5 | 1 | 1 | Microsoft Word for Android | ||||
| SQL Server | 0.5 | 1 | 1 | SQL Server | ||||
| Visual Studio Code | 0.3 | 4 | 4 | Integrated development environment |
| Vulnerability Type | Criticality | U | C | H | M | L | A |
|---|---|---|---|---|---|---|---|
| Remote Code Execution | 1.0 | 20 | 9 | 29 | |||
| Security Feature Bypass | 0.9 | 2 | 4 | 6 | |||
| Elevation of Privilege | 0.85 | 1 | 25 | 32 | 58 | ||
| Information Disclosure | 0.83 | 2 | 7 | 9 | |||
| Denial of Service | 0.7 | 1 | 7 | 8 | |||
| Spoofing | 0.4 | 7 | 7 | ||||
| Tampering | 0.3 | 2 | 2 |
| Source | U | C | H | M | L | A |
|---|---|---|---|---|---|---|
| Qualys | 1 | 16 | 8 | 25 | ||
| Tenable | 1 | 4 | 5 | 10 | ||
| Rapid7 | 2 | 1 | 3 | |||
| ZDI | 4 | 4 |
1. 
Elevation of Privilege - Windows Kernel (CVE-2026-40369) - Critical [611]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:ORINIMRON123:CVE-2026-40369-EXPLOIT website | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.9 | 14 | Windows Kernel | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00023, EPSS Percentile is 0.06592 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2026-33840 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33841 is an elevation of privilege vulnerability in the Windows Kernel. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate local privileges. CVE-2026-35416 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-35417 is an elevation of privilege vulnerability in the Windows Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33837 is an elevation of privilege vulnerability in Windows TCP/IP. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate privileges locally. CVE-2026-33835 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40369 is an elevation of privilege vulnerability in the Windows Kernel. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-40397 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40398 is an elevation of privilege vulnerability in the Windows Remote Desktop Services. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Tenable: CVE-2026-33841, CVE-2026-35420, CVE-2026-40369 | Windows Kernel Elevation of Privilege Vulnerabilities
Tenable: CVE-2026-33841, CVE-2026-35420 and CVE-2026-40369 are EoP vulnerabilities affecting the Windows Kernel. Each of the flaws have been assigned CVSSv3 scores of 7.8 and rated as important. Both CVE-2026-33841 and CVE-2026-40369 were assessed as "Exploitation More Likely," which could be abused by a local attacker to elevate to SYSTEM or Medium/High integrity level in the case of CVE-2026-33841. Including these three EoPs, there have been 13 disclosed Windows Kernel EoP vulnerabilities addressed so far in 2026.
2. 
Remote Code Execution - Windows DNS Client (CVE-2026-41096) - High [466]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 1.0 | 10 | CVSS Base Score is 9.8. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00096, EPSS Percentile is 0.26318 |
Qualys: CVE-2026-41096: Windows DNS Client Remote Code Execution Vulnerability A heap-based buffer overflow vulnerability in Microsoft Windows DNS may allow an unauthenticated attacker to execute arbitrary code remotely.
Rapid7: An attacker looking for a master key for Windows assets will pay attention to CVE-2026-41096, a critical RCE in the Windows DNS client implementation. A modern computer talks to DNS the way a child in the back of a car asks “are we there yet?” The variable and complex structure of DNS responses means that DNS client implementations are also complex and thus prone to flaws. Microsoft assesses exploitation as less likely, and we can hope that modern mitigations such as heap address randomization and optional-but-recommended encrypted channel DNS will make weaponization significantly more challenging by putting barriers across specific paths to exploitation. The DNS client on Windows runs as the NetworkService role, rather than SYSTEM, but a foothold is a foothold, and skilled attackers expect to chain exploits together.
ZDI: CVE-2026-41096 - Windows DNS Client Remote Code Execution Vulnerability. This patch fixes a heap-based buffer overflow in the DNS Client triggered by a malicious DNS response. No authentication or user interaction needed, and since the DNS Client runs on virtually every Windows machine, the attack surface is enormous. An attacker with a position to influence DNS responses (MitM, rogue server) could achieve unauthenticated RCE across your enterprise.
3. Remote Code Execution - Windows Netlogon (CVE-2026-41089) - High [466]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 1.0 | 10 | CVSS Base Score is 9.8. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00129, EPSS Percentile is 0.31858 |
Qualys: CVE-2026-41089: Windows Netlogon Remote Code Execution Vulnerability A stack-based buffer overflow vulnerability in Windows Netlogon could allow an unauthenticated attacker to execute code over the network. An attacker may exploit the vulnerability by sending a specially crafted network request to a Windows server that is acting as a domain controller.
Tenable: CVE-2026-41089 | Windows Netlogon Remote Code Execution Vulnerability
Tenable: CVE-2026-41089 is a RCE vulnerability affecting Windows Netlogon, a Windows Server process used for authentication within a domain. It was assigned a CVSSv3 score of 9.8 and rated as critical. A remote, unauthenticated attacker could exploit this flaw by sending a crafted network request to a Windows server running as a domain controller. This packet could exploit a stack-based buffer overflow flaw, allowing the attacker to execute code on an affected system. Despite the critical severity and near perfect CVSSv3 score, this flaw was assessed by Microsoft as “Exploitation Less Likely.”
Rapid7: Anyone responsible for securing a domain controller should prioritize remediation of CVE-2026-41089, which is a critical stack-based buffer overflow in Windows Netlogon with a CVSS v3 base score of 9.8. Exploitation leads to execution in the context of the Netlogon service, so that’s SYSTEM privileges on the domain controller. For most pentesters, that’s the point at which the customer report more or less writes itself. No privileges or user interaction are required, and attack complexity is low, which suggests that creation of a reliable exploit might not be especially difficult for anyone with knowledge of the specific mechanism.
Rapid7: Microsoft assesses exploitation as less likely, but since those exploitability assessments are provided without an accompanying explanation, it’s not clear how much reassurance defenders should take. Anyone who remembers the much-discussed CVE-2020-1472 (aka ZeroLogon) back in 2020 will note that CVE-2026-41089 offers an attacker more immediate control of a domain controller. Patches are available for all versions of Windows Server from 2012 onwards.
ZDI: CVE-2026-41089 - Windows Netlogon Remote Code Execution Vulnerability. This update covers another CVSS 9.8 bug, which is a stack-based buffer overflow that lets an unauthenticated remote attacker execute code on a domain controller by sending a specially crafted network request — no credentials, no user interaction required. Yup – that makes it wormable. This is the highest-impact bug that requires immediate patching: a compromised domain controller is a compromised domain.
4. Remote Code Execution - Windows TCP/IP (CVE-2026-40415) - High [459]
Description: Use after free in
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.9 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 8.1. According to NVD data source | |
| 0.3 | 10 | EPSS Probability is 0.00091, EPSS Percentile is 0.25414 |
ZDI: CVE-2026-40415 - Windows TCP/IP Remote Code Execution Vulnerability. This bug in the TCP/IP stack results from a use-after-free (UAF) and could allow a remote, unauthenticated threat actor to execute code without user interaction. That makes this another wormable bug. However, this one is much less likely to be exploited. The target needs to be under sustained low-memory (memory pressure) conditions, which is pretty rare. Still, no need to tempt fate here. Test and deploy this one quickly.
5. Remote Code Execution - Microsoft SharePoint Server (CVE-2026-33110) - High [452]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft SharePoint Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0.7 | 10 | EPSS Probability is 0.00621, EPSS Percentile is 0.70291 |
6. Remote Code Execution - Microsoft SharePoint Server (CVE-2026-33112) - High [452]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft SharePoint Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0.7 | 10 | EPSS Probability is 0.00621, EPSS Percentile is 0.70291 |
7. Remote Code Execution - Microsoft SharePoint Server (CVE-2026-35439) - High [452]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft SharePoint Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0.7 | 10 | EPSS Probability is 0.00621, EPSS Percentile is 0.70291 |
8. Remote Code Execution - Microsoft SharePoint Server (CVE-2026-40357) - High [452]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft SharePoint Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0.7 | 10 | EPSS Probability is 0.00621, EPSS Percentile is 0.70291 |
9. 
Security Feature Bypass - Secure Boot (CVE-2026-41097) - High [436]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | |
| 0.7 | 10 | CVSS Base Score is 6.7. According to Microsoft data source | |
| 0.5 | 10 | EPSS Probability is 0.00255, EPSS Percentile is 0.48809 |
10. Elevation of Privilege - Windows Win32k (CVE-2026-35417) - High [432]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.9 | 14 | The Win32k.sys driver is the kernel side of some core parts of the Windows subsystem. Its main functionality is the GUI of Windows; it's responsible for window management. | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00126, EPSS Percentile is 0.31282 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2026-33840 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33841 is an elevation of privilege vulnerability in the Windows Kernel. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate local privileges. CVE-2026-35416 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-35417 is an elevation of privilege vulnerability in the Windows Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33837 is an elevation of privilege vulnerability in Windows TCP/IP. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate privileges locally. CVE-2026-33835 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40369 is an elevation of privilege vulnerability in the Windows Kernel. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-40397 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40398 is an elevation of privilege vulnerability in the Windows Remote Desktop Services. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
11. Remote Code Execution - Microsoft Office (CVE-2026-40358) - High [430]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer | |
| 0.8 | 10 | CVSS Base Score is 8.4. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00057, EPSS Percentile is 0.17825 |
Qualys: CVE-2026-40358: Microsoft Office Remote Code Execution Vulnerability A use-after-free vulnerability in Microsoft Office could allow an unauthenticated attacker to execute arbitrary code remotely.
12. Remote Code Execution - Microsoft Office (CVE-2026-40363) - High [430]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer | |
| 0.8 | 10 | CVSS Base Score is 8.4. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00057, EPSS Percentile is 0.17825 |
Qualys: CVE-2026-40363 & CVE-2026-42831: Microsoft Office Remote Code Execution Vulnerability A heap-based buffer overflow vulnerability in Microsoft Office may allow an unauthenticated attacker to execute arbitrary code remotely.
13. Remote Code Execution - Microsoft Office (CVE-2026-42831) - High [430]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00062, EPSS Percentile is 0.19179 |
Qualys: CVE-2026-40363 & CVE-2026-42831: Microsoft Office Remote Code Execution Vulnerability A heap-based buffer overflow vulnerability in Microsoft Office may allow an unauthenticated attacker to execute arbitrary code remotely.
14. Remote Code Execution - Windows GDI (CVE-2026-35421) - High [430]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00062, EPSS Percentile is 0.19179 |
Qualys: CVE-2026-35421: Windows GDI Remote Code Execution Vulnerability A heap-based buffer overflow vulnerability in Windows GDI could allow an unauthenticated attacker to execute arbitrary code remotely.
15. Remote Code Execution - Windows Kernel-Mode Driver (CVE-2026-34332) - High [430]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 8.0. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00062, EPSS Percentile is 0.19124 |
16. Remote Code Execution - Windows Native WiFi Miniport Driver (CVE-2026-32161) - High [430]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.0008, EPSS Percentile is 0.23383 |
Qualys: CVE-2026-32161: Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability A race condition in the Windows Native WiFi Miniport Driver could allow an unauthenticated attacker to execute code over an adjacent network.
17. Remote Code Execution - Microsoft SharePoint Server (CVE-2026-40368) - High [428]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft SharePoint Server | |
| 0.8 | 10 | CVSS Base Score is 8.0. According to Microsoft data source | |
| 0.6 | 10 | EPSS Probability is 0.00353, EPSS Percentile is 0.57772 |
18. Remote Code Execution - Microsoft Word (CVE-2026-40364) - High [421]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.6 | 14 | Microsoft Word is a widely used commercial word processor developed by Microsoft. It is a component of the Microsoft Office suite of productivity software but can also be purchased as a standalone product. | |
| 0.8 | 10 | CVSS Base Score is 8.4. According to Microsoft data source | |
| 0.4 | 10 | EPSS Probability is 0.00192, EPSS Percentile is 0.4082 |
Qualys: CVE-2026-40364: Microsoft Word Remote Code Execution Vulnerability A type confusion vulnerability in Microsoft Word may allow an unauthenticated attacker to execute arbitrary code remotely.
Tenable: CVE-2026-40361, CVE-2026-40364, CVE-2026-40366 and CVE-2026-40367 | Microsoft Word Remote Code Execution Vulnerabilities
Tenable: CVE-2026-40361, CVE-2026-40364, CVE-2026-40366 and CVE-2026-40367 RCE vulnerabilities affecting Microsoft Word. Each of these RCEs were assigned CVSSv3 scores of 8.4 and rated as critical, though CVE-2026-40361 and CVE-2026-40364 were the only ones assessed to be “Exploitation More Likely.” An attacker could exploit these flaws through social engineering by sending the malicious file to an intended target. Successful exploitation would grant code execution privileges to the attacker. Additionally, Microsoft notes that the Preview Pane is an attack vector for each of these vulnerabilities.
19. Elevation of Privilege - Windows Kernel (CVE-2026-33841) - High [420]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.9 | 14 | Windows Kernel | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00049, EPSS Percentile is 0.15299 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2026-33840 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33841 is an elevation of privilege vulnerability in the Windows Kernel. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate local privileges. CVE-2026-35416 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-35417 is an elevation of privilege vulnerability in the Windows Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33837 is an elevation of privilege vulnerability in Windows TCP/IP. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate privileges locally. CVE-2026-33835 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40369 is an elevation of privilege vulnerability in the Windows Kernel. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-40397 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40398 is an elevation of privilege vulnerability in the Windows Remote Desktop Services. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Tenable: CVE-2026-33841, CVE-2026-35420, CVE-2026-40369 | Windows Kernel Elevation of Privilege Vulnerabilities
Tenable: CVE-2026-33841, CVE-2026-35420 and CVE-2026-40369 are EoP vulnerabilities affecting the Windows Kernel. Each of the flaws have been assigned CVSSv3 scores of 7.8 and rated as important. Both CVE-2026-33841 and CVE-2026-40369 were assessed as "Exploitation More Likely," which could be abused by a local attacker to elevate to SYSTEM or Medium/High integrity level in the case of CVE-2026-33841. Including these three EoPs, there have been 13 disclosed Windows Kernel EoP vulnerabilities addressed so far in 2026.
20. Elevation of Privilege - Windows Kernel (CVE-2026-35420) - High [420]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.9 | 14 | Windows Kernel | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00049, EPSS Percentile is 0.15299 |
Tenable: CVE-2026-33841, CVE-2026-35420, CVE-2026-40369 | Windows Kernel Elevation of Privilege Vulnerabilities
Tenable: CVE-2026-33841, CVE-2026-35420 and CVE-2026-40369 are EoP vulnerabilities affecting the Windows Kernel. Each of the flaws have been assigned CVSSv3 scores of 7.8 and rated as important. Both CVE-2026-33841 and CVE-2026-40369 were assessed as "Exploitation More Likely," which could be abused by a local attacker to elevate to SYSTEM or Medium/High integrity level in the case of CVE-2026-33841. Including these three EoPs, there have been 13 disclosed Windows Kernel EoP vulnerabilities addressed so far in 2026.
21. Elevation of Privilege - Windows TCP/IP (CVE-2026-40399) - High [420]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.9 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00049, EPSS Percentile is 0.15299 |
22. Elevation of Privilege - Windows Win32k (CVE-2026-33840) - High [420]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.9 | 14 | The Win32k.sys driver is the kernel side of some core parts of the Windows subsystem. Its main functionality is the GUI of Windows; it's responsible for window management. | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00066, EPSS Percentile is 0.20371 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2026-33840 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33841 is an elevation of privilege vulnerability in the Windows Kernel. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate local privileges. CVE-2026-35416 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-35417 is an elevation of privilege vulnerability in the Windows Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33837 is an elevation of privilege vulnerability in Windows TCP/IP. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate privileges locally. CVE-2026-33835 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40369 is an elevation of privilege vulnerability in the Windows Kernel. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-40397 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40398 is an elevation of privilege vulnerability in the Windows Remote Desktop Services. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
23. Elevation of Privilege - Windows Win32k (CVE-2026-34330) - High [420]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.9 | 14 | The Win32k.sys driver is the kernel side of some core parts of the Windows subsystem. Its main functionality is the GUI of Windows; it's responsible for window management. | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00067, EPSS Percentile is 0.20689 |
24. Elevation of Privilege - Windows Win32k (CVE-2026-34333) - High [420]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.9 | 14 | The Win32k.sys driver is the kernel side of some core parts of the Windows subsystem. Its main functionality is the GUI of Windows; it's responsible for window management. | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00067, EPSS Percentile is 0.20689 |
25. Remote Code Execution - Windows Graphics Component (CVE-2026-40403) - High [419]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0.0 | 10 | EPSS Probability is 0.00017, EPSS Percentile is 0.04398 |
Qualys: CVE-2026-40403: Windows Graphics Component Remote Code Execution Vulnerability A heap-based buffer overflow vulnerability in Windows Win32K – GRFX may allow an authenticated attacker to execute code locally.
26. Remote Code Execution - Windows Volume Manager Extension Driver (CVE-2026-40380) - High [419]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.6 | 10 | CVSS Base Score is 6.2. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00093, EPSS Percentile is 0.25742 |
27. 
Information Disclosure - Windows TCP/IP (CVE-2026-40406) - High [417]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.9 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00085, EPSS Percentile is 0.24462 |
28. Security Feature Bypass - Windows TCP/IP Driver (CVE-2026-35422) - High [417]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.9 | 14 | A kernel mode driver | |
| 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00052, EPSS Percentile is 0.16328 |
29. Elevation of Privilege - Windows Admin Center in Azure Portal (CVE-2026-41086) - High [416]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00071, EPSS Percentile is 0.21577 |
30. Elevation of Privilege - Windows Ancillary Function Driver for WinSock (CVE-2026-34344) - High [416]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00126, EPSS Percentile is 0.31282 |
31. Elevation of Privilege - Windows TCP/IP (CVE-2026-34334) - High [408]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.9 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00041, EPSS Percentile is 0.12417 |
32. Elevation of Privilege - Windows TCP/IP (CVE-2026-34351) - High [408]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.9 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00041, EPSS Percentile is 0.12417 |
33. 
Denial of Service - Windows TCP/IP (CVE-2026-40405) - High [405]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.9 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00149, EPSS Percentile is 0.34977 |
34. Elevation of Privilege - Microsoft Cryptographic Services (CVE-2026-40377) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | he Cryptographic Services is a Microsoft Windows feature that encrypts and decrypts data on storage devices when they are accessed | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00049, EPSS Percentile is 0.15299 |
35. Elevation of Privilege - Windows Admin Center (CVE-2026-35438) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 8.3. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00058, EPSS Percentile is 0.182 |
36. Elevation of Privilege - Windows Ancillary Function Driver for WinSock (CVE-2026-41088) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00073, EPSS Percentile is 0.22 |
37. Elevation of Privilege - Windows Application Identity (AppID) Subsystem (CVE-2026-34343) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00049, EPSS Percentile is 0.15299 |
38. Elevation of Privilege - Windows Cloud Files Mini Filter Driver (CVE-2026-33835) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00066, EPSS Percentile is 0.20371 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2026-33840 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33841 is an elevation of privilege vulnerability in the Windows Kernel. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate local privileges. CVE-2026-35416 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-35417 is an elevation of privilege vulnerability in the Windows Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33837 is an elevation of privilege vulnerability in Windows TCP/IP. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate privileges locally. CVE-2026-33835 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40369 is an elevation of privilege vulnerability in the Windows Kernel. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-40397 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40398 is an elevation of privilege vulnerability in the Windows Remote Desktop Services. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
39. Elevation of Privilege - Windows Common Log File System Driver (CVE-2026-40397) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Common Log File System is a general-purpose logging subsystem that is accessible to both kernel-mode as well as user-mode applications for building high-performance transaction logs | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00067, EPSS Percentile is 0.20689 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2026-33840 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33841 is an elevation of privilege vulnerability in the Windows Kernel. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate local privileges. CVE-2026-35416 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-35417 is an elevation of privilege vulnerability in the Windows Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33837 is an elevation of privilege vulnerability in Windows TCP/IP. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate privileges locally. CVE-2026-33835 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40369 is an elevation of privilege vulnerability in the Windows Kernel. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-40397 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40398 is an elevation of privilege vulnerability in the Windows Remote Desktop Services. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
40. Elevation of Privilege - Windows Common Log File System Driver (CVE-2026-40407) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Common Log File System is a general-purpose logging subsystem that is accessible to both kernel-mode as well as user-mode applications for building high-performance transaction logs | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00049, EPSS Percentile is 0.15299 |
41. Elevation of Privilege - Windows DWM Core Library (CVE-2026-42896) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00067, EPSS Percentile is 0.20689 |
42. Elevation of Privilege - Windows Message Queuing (MSMQ) (CVE-2026-33838) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.0005, EPSS Percentile is 0.15508 |
43. Elevation of Privilege - Windows Storage Spaces Controller (CVE-2026-35415) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00067, EPSS Percentile is 0.20689 |
44. Elevation of Privilege - Windows TCP/IP Local (CVE-2026-33837) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00066, EPSS Percentile is 0.20371 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2026-33840 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33841 is an elevation of privilege vulnerability in the Windows Kernel. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate local privileges. CVE-2026-35416 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-35417 is an elevation of privilege vulnerability in the Windows Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33837 is an elevation of privilege vulnerability in Windows TCP/IP. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate privileges locally. CVE-2026-33835 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40369 is an elevation of privilege vulnerability in the Windows Kernel. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-40397 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40398 is an elevation of privilege vulnerability in the Windows Remote Desktop Services. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
45. Elevation of Privilege - Windows Telephony Service (CVE-2026-34338) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00049, EPSS Percentile is 0.15299 |
46. Elevation of Privilege - Windows Telephony Service (CVE-2026-40382) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00049, EPSS Percentile is 0.15299 |
47. Elevation of Privilege - Windows WAN ARP Driver (CVE-2026-40408) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00049, EPSS Percentile is 0.15299 |
48. Remote Code Execution - Microsoft Dynamics 365 On-Premises (CVE-2026-42833) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft Dynamics 365 On-Premises | |
| 0.9 | 10 | CVSS Base Score is 9.1. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00097, EPSS Percentile is 0.26588 |
49. Remote Code Execution - Microsoft Dynamics 365 On-Premises (CVE-2026-42898) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft Dynamics 365 On-Premises | |
| 1.0 | 10 | CVSS Base Score is 9.9. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00085, EPSS Percentile is 0.24376 |
Qualys: CVE-2026-42898: Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability A code-injection vulnerability in Microsoft Dynamics 365 (on-premises) may allow an authenticated attacker to execute code over the network.
ZDI: CVE-2026-42898 - Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability. This bug rates a CVSS 9.9(!) and represents a code injection in Dynamics 365. It allows any authenticated user to execute code with a scope change, meaning exploitation can break out and affect resources beyond the vulnerable component itself. Scope changes are pretty rare, so if you’re running Dynamics 365 On-Prem, definitely test and deploy this patch quickly.
50. Remote Code Execution - Microsoft Message Queuing (MSMQ) (CVE-2026-34329) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft Message Queuing (MSMQ) | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00096, EPSS Percentile is 0.26336 |
51. Information Disclosure - Windows DWM Core Library (CVE-2026-34336) - High [400]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00049, EPSS Percentile is 0.15299 |
52. Elevation of Privilege - Windows SMB Client (CVE-2026-40410) - Medium [397]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.9 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.13909 |
53. Elevation of Privilege - Windows Win32k (CVE-2026-33839) - Medium [397]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.9 | 14 | The Win32k.sys driver is the kernel side of some core parts of the Windows subsystem. Its main functionality is the GUI of Windows; it's responsible for window management. | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00041, EPSS Percentile is 0.12417 |
54. Elevation of Privilege - Windows Win32k (CVE-2026-34331) - Medium [397]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.9 | 14 | The Win32k.sys driver is the kernel side of some core parts of the Windows subsystem. Its main functionality is the GUI of Windows; it's responsible for window management. | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00041, EPSS Percentile is 0.12417 |
55. Elevation of Privilege - Windows Win32k (CVE-2026-34347) - Medium [397]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.9 | 14 | The Win32k.sys driver is the kernel side of some core parts of the Windows subsystem. Its main functionality is the GUI of Windows; it's responsible for window management. | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.13909 |
56. Remote Code Execution - Microsoft Excel (CVE-2026-40359) - Medium [397]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.6 | 14 | MS Office product | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00062, EPSS Percentile is 0.19179 |
57. Remote Code Execution - Microsoft Excel (CVE-2026-40362) - Medium [397]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.6 | 14 | MS Office product | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00062, EPSS Percentile is 0.19179 |
58. Remote Code Execution - Microsoft Word (CVE-2026-40361) - Medium [397]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.6 | 14 | Microsoft Word is a widely used commercial word processor developed by Microsoft. It is a component of the Microsoft Office suite of productivity software but can also be purchased as a standalone product. | |
| 0.8 | 10 | CVSS Base Score is 8.4. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00075, EPSS Percentile is 0.22334 |
Qualys: CVE-2026-40361 & CVE-2026-40366: Microsoft Word Remote Code Execution Vulnerability A use-after-free vulnerability in Microsoft Word may allow an unauthenticated attacker to execute arbitrary code remotely.
Tenable: CVE-2026-40361, CVE-2026-40364, CVE-2026-40366 and CVE-2026-40367 | Microsoft Word Remote Code Execution Vulnerabilities
Tenable: CVE-2026-40361, CVE-2026-40364, CVE-2026-40366 and CVE-2026-40367 RCE vulnerabilities affecting Microsoft Word. Each of these RCEs were assigned CVSSv3 scores of 8.4 and rated as critical, though CVE-2026-40361 and CVE-2026-40364 were the only ones assessed to be “Exploitation More Likely.” An attacker could exploit these flaws through social engineering by sending the malicious file to an intended target. Successful exploitation would grant code execution privileges to the attacker. Additionally, Microsoft notes that the Preview Pane is an attack vector for each of these vulnerabilities.
59. Remote Code Execution - Microsoft Word (CVE-2026-40366) - Medium [397]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.6 | 14 | Microsoft Word is a widely used commercial word processor developed by Microsoft. It is a component of the Microsoft Office suite of productivity software but can also be purchased as a standalone product. | |
| 0.8 | 10 | CVSS Base Score is 8.4. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00057, EPSS Percentile is 0.17825 |
Qualys: CVE-2026-40361 & CVE-2026-40366: Microsoft Word Remote Code Execution Vulnerability A use-after-free vulnerability in Microsoft Word may allow an unauthenticated attacker to execute arbitrary code remotely.
Tenable: CVE-2026-40361, CVE-2026-40364, CVE-2026-40366 and CVE-2026-40367 | Microsoft Word Remote Code Execution Vulnerabilities
Tenable: CVE-2026-40361, CVE-2026-40364, CVE-2026-40366 and CVE-2026-40367 RCE vulnerabilities affecting Microsoft Word. Each of these RCEs were assigned CVSSv3 scores of 8.4 and rated as critical, though CVE-2026-40361 and CVE-2026-40364 were the only ones assessed to be “Exploitation More Likely.” An attacker could exploit these flaws through social engineering by sending the malicious file to an intended target. Successful exploitation would grant code execution privileges to the attacker. Additionally, Microsoft notes that the Preview Pane is an attack vector for each of these vulnerabilities.
60. Remote Code Execution - Microsoft Word (CVE-2026-40367) - Medium [397]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.6 | 14 | Microsoft Word is a widely used commercial word processor developed by Microsoft. It is a component of the Microsoft Office suite of productivity software but can also be purchased as a standalone product. | |
| 0.8 | 10 | CVSS Base Score is 8.4. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00057, EPSS Percentile is 0.17825 |
Qualys: CVE-2026-40367: Microsoft Word Remote Code Execution Vulnerability A pointer dereference vulnerability in Microsoft Word allows an unauthenticated attacker to execute code locally.
Tenable: CVE-2026-40361, CVE-2026-40364, CVE-2026-40366 and CVE-2026-40367 | Microsoft Word Remote Code Execution Vulnerabilities
Tenable: CVE-2026-40361, CVE-2026-40364, CVE-2026-40366 and CVE-2026-40367 RCE vulnerabilities affecting Microsoft Word. Each of these RCEs were assigned CVSSv3 scores of 8.4 and rated as critical, though CVE-2026-40361 and CVE-2026-40364 were the only ones assessed to be “Exploitation More Likely.” An attacker could exploit these flaws through social engineering by sending the malicious file to an intended target. Successful exploitation would grant code execution privileges to the attacker. Additionally, Microsoft notes that the Preview Pane is an attack vector for each of these vulnerabilities.
61. Denial of Service - Windows TCP/IP (CVE-2026-40413) - Medium [394]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.9 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.4. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00122, EPSS Percentile is 0.30767 |
62. Denial of Service - Windows TCP/IP (CVE-2026-40414) - Medium [394]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.9 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.4. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00122, EPSS Percentile is 0.30767 |
63. Elevation of Privilege - Windows Ancillary Function Driver for WinSock (CVE-2026-35416) - Medium [392]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00061, EPSS Percentile is 0.18875 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2026-33840 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33841 is an elevation of privilege vulnerability in the Windows Kernel. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate local privileges. CVE-2026-35416 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-35417 is an elevation of privilege vulnerability in the Windows Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33837 is an elevation of privilege vulnerability in Windows TCP/IP. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate privileges locally. CVE-2026-33835 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40369 is an elevation of privilege vulnerability in the Windows Kernel. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-40397 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40398 is an elevation of privilege vulnerability in the Windows Remote Desktop Services. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
64. Elevation of Privilege - Windows Cloud Files Mini Filter Driver (CVE-2026-34337) - Medium [392]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00041, EPSS Percentile is 0.12417 |
65. Elevation of Privilege - Windows Cloud Files Mini Filter Driver (CVE-2026-35418) - Medium [392]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00041, EPSS Percentile is 0.12417 |
66. Elevation of Privilege - Windows Event Logging Service (CVE-2026-33834) - Medium [392]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.13942 |
67. Elevation of Privilege - Windows Remote Desktop Services (CVE-2026-40398) - Medium [392]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Remote Desktop Services, known as Terminal Services in Windows Server 2008 and earlier, is one of the components of Microsoft Windows that allow a user to initiate and control an interactive session on a remote computer or virtual machine over a network connection | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.0003, EPSS Percentile is 0.08691 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2026-33840 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33841 is an elevation of privilege vulnerability in the Windows Kernel. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate local privileges. CVE-2026-35416 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-35417 is an elevation of privilege vulnerability in the Windows Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33837 is an elevation of privilege vulnerability in Windows TCP/IP. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate privileges locally. CVE-2026-33835 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40369 is an elevation of privilege vulnerability in the Windows Kernel. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-40397 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40398 is an elevation of privilege vulnerability in the Windows Remote Desktop Services. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
68. Elevation of Privilege - Windows Rich Text Edit (CVE-2026-21530) - Medium [392]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 6.7. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.16773 |
69. Elevation of Privilege - Windows Rich Text Edit (CVE-2026-32170) - Medium [392]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 6.7. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.16773 |
70. Remote Code Execution - Microsoft Data Formulator (CVE-2026-41094) - Medium [392]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft Data Formulator | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00067, EPSS Percentile is 0.20674 |
71. Remote Code Execution - Microsoft SharePoint Server (CVE-2026-40365) - Medium [392]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft SharePoint Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00071, EPSS Percentile is 0.21577 |
Qualys: CVE-2026-40365: Microsoft SharePoint Server Remote Code Execution Vulnerability An insufficient access-control granularity flaw in Microsoft Office SharePoint Server allows an authenticated attacker to execute arbitrary code remotely.
72. Remote Code Execution - SQL Server (CVE-2026-40370) - Medium [392]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00069, EPSS Percentile is 0.21064 |
73. Elevation of Privilege - Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability. Microsoft SSO Plugin for Jira & Confluence (CVE-2026-41103) - Medium [389]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability. Microsoft SSO Plugin for Jira & Confluence | |
| 0.9 | 10 | CVSS Base Score is 9.1. According to Microsoft data source | |
| 0.4 | 10 | EPSS Probability is 0.00171, EPSS Percentile is 0.37961 |
Qualys: CVE-2026-41103: Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability Incorrect implementation of the authentication algorithm in the Microsoft SSO Plugin for Jira & Confluence may allow an unauthenticated attacker to elevate their privileges across the network. An attacker could exploit this vulnerability by sending a specially crafted SSO response during the login process that tricks the system into accepting a forged identity. This could allow the attacker to sign in without authenticating the user through Microsoft Entra ID.
Tenable: Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103)
Tenable: CVE-2026-41103 | Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability
Tenable: CVE-2026-41103 is an elevation of privilege vulnerability affecting Microsoft Single-Sign-On (SSO) Plugin for Jira & Confluence. It was assigned a CVSSv3 score of 9.1 and is rated as critical. It was assessed as "Exploitation More Likely" according to Microsoft's Exploitability Index. An unauthorized attacker could exploit this vulnerability during the process of logging in by sending a specially crafted response message. Successful exploitation would allow the attacker to sign-in using a forged identity without Microsoft Entra ID authentication, enabling access to or allowing an attacker to modify data in Jira and Confluence. However, the accessible information is not unfettered, as it is limited by the access defined by the targeted servers for the authorized user.
Rapid7: If you’re still self-hosting Atlassian JIRA or Confluence and relying on the Microsoft Entra ID authentication plugin, you’ll want to know about CVE-2026-41103. This critical elevation of privilege vulnerability allows an unauthorized attacker to impersonate an existing user by presenting forged credentials, thus bypassing Entra ID. Microsoft expects that exploitation is more likely. Even if you can’t always find what you want on the corporate Confluence, a motivated attacker probably will. Curiously, the patch links on the advisory lead to older versions of the plugins published in 2024.
74. Elevation of Privilege - .NET (CVE-2026-32177) - Medium [387]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.7 | 14 | .NET | |
| 0.7 | 10 | CVSS Base Score is 7.3. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00096, EPSS Percentile is 0.2627 |
75. Elevation of Privilege - .NET (CVE-2026-35433) - Medium [387]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.7 | 14 | .NET | |
| 0.7 | 10 | CVSS Base Score is 7.3. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00122, EPSS Percentile is 0.30673 |
76. Elevation of Privilege - AMD Processor (CVE-2025-54518) - Medium [385]
Description: {'ms_cve_data_all': 'AMD: CVE-2025-54518 CPU OP Cache Corruption', 'nvd_cve_data_all': 'Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.9 | 14 | Processor | |
| 0.7 | 10 | CVSS Base Score is 7.3. According to Vulners data source | |
| 0.0 | 10 | EPSS Probability is 0.00013, EPSS Percentile is 0.02045 |
Tenable: Microsoft patched 118 CVEs in its May 2026 Patch Tuesday release, with 16 rated critical and 102 rated as important. Our counts omitted CVE-2025-54518, an AMD CPU OP Cache Corruption vulnerability issued by AMD.
77. Denial of Service - Windows TCP/IP (CVE-2026-40401) - Medium [382]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.9 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.1. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00049, EPSS Percentile is 0.15268 |
78. Elevation of Privilege - Windows Hyper-V (CVE-2026-40402) - Medium [382]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.6 | 14 | Hardware virtualization component of the client editions of Windows NT | |
| 0.9 | 10 | CVSS Base Score is 9.3. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00057, EPSS Percentile is 0.17825 |
Qualys: CVE-2026-40402: Windows Hyper-V Elevation of Privilege Vulnerability A use-after-free vulnerability in Windows Hyper-V may allow an unauthenticated attacker to elevate local privileges. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
79. Elevation of Privilege - Windows Ancillary Function Driver for WinSock (CVE-2026-34345) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00041, EPSS Percentile is 0.12417 |
80. Elevation of Privilege - Windows Link-Layer Discovery Protocol (LLDP) (CVE-2026-34341) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.13909 |
81. Elevation of Privilege - Windows Print Spooler (CVE-2026-34342) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00041, EPSS Percentile is 0.12589 |
82. Elevation of Privilege - Windows Projected File System (CVE-2026-34340) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.13909 |
83. Elevation of Privilege - Windows Telephony Service (CVE-2026-42825) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.13909 |
84. Denial of Service - Windows Storport Miniport Driver (CVE-2026-34350) - Medium [377]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00092, EPSS Percentile is 0.25545 |
85. Elevation of Privilege - Azure Logic Apps (CVE-2026-42823) - Medium [377]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Azure Logic Apps | |
| 1.0 | 10 | CVSS Base Score is 9.9. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00071, EPSS Percentile is 0.21577 |
86. Security Feature Bypass - GitHub Copilot and Visual Studio Code (CVE-2026-41109) - Medium [375]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.5 | 14 | GitHub Copilot and Visual Studio Code | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00067, EPSS Percentile is 0.20674 |
87. Information Disclosure - Microsoft Excel (CVE-2026-40360) - Medium [367]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.6 | 14 | MS Office product | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00062, EPSS Percentile is 0.19179 |
88. Denial of Service - ASP.NET Core (CVE-2026-42899) - Medium [365]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.8 | 14 | An open-source, server-side web-application framework designed for web development | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00047, EPSS Percentile is 0.14405 |
89. Information Disclosure - Windows 11 Telnet Client (CVE-2026-35423) - Medium [364]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.5 | 10 | CVSS Base Score is 5.4. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00057, EPSS Percentile is 0.17649 |
90. Information Disclosure - Windows DWM Core Library (CVE-2026-35419) - Medium [364]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.12855 |
91. Security Feature Bypass - Azure SDK for Java (CVE-2026-33117) - Medium [363]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.5 | 14 | Azure SDK for Java | |
| 0.9 | 10 | CVSS Base Score is 9.1. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.0003, EPSS Percentile is 0.08608 |
92. Elevation of Privilege - Azure Monitor Agent (CVE-2026-32204) - Medium [354]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Azure Monitor Agent | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00073, EPSS Percentile is 0.22 |
93. Elevation of Privilege - Data Deduplication (CVE-2026-41095) - Medium [354]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Data Deduplication | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00049, EPSS Percentile is 0.15299 |
94. Elevation of Privilege - Microsoft Office Click-To-Run (CVE-2026-35436) - Medium [354]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Microsoft Office Click-To-Run | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.13942 |
95. Elevation of Privilege - Microsoft Office Click-To-Run (CVE-2026-40418) - Medium [354]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Microsoft Office Click-To-Run | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00049, EPSS Percentile is 0.15299 |
96. Elevation of Privilege - Microsoft Office Click-To-Run (CVE-2026-40419) - Medium [354]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Microsoft Office Click-To-Run | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00049, EPSS Percentile is 0.15299 |
97. Elevation of Privilege - Microsoft Office Click-To-Run (CVE-2026-40420) - Medium [354]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Microsoft Office Click-To-Run | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.13942 |
98. Security Feature Bypass - Windows Filtering Platform (WFP) (CVE-2026-32209) - Medium [353]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Windows component | |
| 0.4 | 10 | CVSS Base Score is 4.4. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.0004, EPSS Percentile is 0.12215 |
99. Information Disclosure - Microsoft Power Automate Desktop (CVE-2026-40374) - Medium [350]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.5 | 14 | Microsoft Power Automate Desktop | |
| 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00122, EPSS Percentile is 0.30786 |
100. Elevation of Privilege - Azure Connected Machine Agent (CVE-2026-40381) - Medium [342]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Azure Connected Machine Agent | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.13942 |
101. Elevation of Privilege - Azure Monitor Agent Metrics Extension (CVE-2026-42830) - Medium [342]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Azure Monitor Agent Metrics Extension | |
| 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00059, EPSS Percentile is 0.18491 |
102. Elevation of Privilege - Microsoft Dynamics 365 Business Central (CVE-2026-40417) - Medium [342]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Microsoft Dynamics 365 Business Central | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.13942 |
103. Denial of Service - Windows Lightweight Directory Access Protocol (LDAP) (CVE-2026-34339) - Medium [341]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.8 | 14 | Windows component | |
| 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.12853 |
104. Denial of Service - Internet Key Exchange (IKE) Protocol (CVE-2026-35424) - Medium [339]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.5 | 14 | Internet Key Exchange (IKE) Protocol | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00105, EPSS Percentile is 0.2807 |
105. Remote Code Execution - Visual Studio Code (CVE-2026-41611) - Medium [335]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.3 | 14 | Integrated development environment | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00037, EPSS Percentile is 0.11135 |
106. Elevation of Privilege - Visual Studio Code (CVE-2026-41613) - Medium [332]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.3 | 14 | Integrated development environment | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00065, EPSS Percentile is 0.20194 |
107. Information Disclosure - Microsoft Word (CVE-2026-35440) - Medium [331]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.6 | 14 | Microsoft Word is a widely used commercial word processor developed by Microsoft. It is a component of the Microsoft Office suite of productivity software but can also be purchased as a standalone product. | |
| 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.1296 |
108. Information Disclosure - Microsoft Word (CVE-2026-40421) - Medium [319]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.6 | 14 | Microsoft Word is a widely used commercial word processor developed by Microsoft. It is a component of the Microsoft Office suite of productivity software but can also be purchased as a standalone product. | |
| 0.4 | 10 | CVSS Base Score is 4.3. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00053, EPSS Percentile is 0.16448 |
109. 
Spoofing - Microsoft Office (CVE-2026-42832) - Medium [311]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.4 | 15 | Spoofing | |
| 0.8 | 14 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer | |
| 0.8 | 10 | CVSS Base Score is 7.7. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.14224 |
110. Security Feature Bypass - Visual Studio Code (CVE-2026-41610) - Medium [294]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.3 | 14 | Integrated development environment | |
| 0.6 | 10 | CVSS Base Score is 6.3. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00036, EPSS Percentile is 0.10773 |
111. Information Disclosure - Visual Studio Code (CVE-2026-41612) - Medium [281]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.3 | 14 | Integrated development environment | |
| 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00036, EPSS Percentile is 0.10692 |
112. Spoofing - Azure Machine Learning Notebook (CVE-2026-33833) - Medium [273]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.4 | 15 | Spoofing | |
| 0.5 | 14 | Azure Machine Learning Notebook | |
| 0.8 | 10 | CVSS Base Score is 8.2. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00051, EPSS Percentile is 0.15798 |
113. 
Tampering - .NET Core (CVE-2026-32175) - Medium [258]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.3 | 15 | Tampering | |
| 0.8 | 14 | .NET Core | |
| 0.4 | 10 | CVSS Base Score is 4.3. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00084, EPSS Percentile is 0.24201 |
114. Spoofing - M365 Copilot for Desktop (CVE-2026-41614) - Medium [250]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.4 | 15 | Spoofing | |
| 0.5 | 14 | M365 Copilot for Desktop | |
| 0.6 | 10 | CVSS Base Score is 6.2. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.0005, EPSS Percentile is 0.15659 |
115. Spoofing - Microsoft PowerPoint for Android (CVE-2026-41102) - Medium [250]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.4 | 15 | Spoofing | |
| 0.5 | 14 | Microsoft PowerPoint for Android | |
| 0.7 | 10 | CVSS Base Score is 7.1. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.13437 |
116. Spoofing - Microsoft Word for Android (CVE-2026-41101) - Medium [250]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.4 | 15 | Spoofing | |
| 0.5 | 14 | Microsoft Word for Android | |
| 0.7 | 10 | CVSS Base Score is 7.1. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.13437 |
117. Tampering - Microsoft Outlook for iOS (CVE-2026-42893) - Medium [244]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.3 | 15 | Tampering | |
| 0.5 | 14 | Microsoft Outlook for iOS | |
| 0.7 | 10 | CVSS Base Score is 7.4. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.16762 |
118. Spoofing - Microsoft Teams (CVE-2026-32185) - Medium [238]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.4 | 15 | Spoofing | |
| 0.5 | 14 | Microsoft Teams | |
| 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.1296 |
119. Spoofing - Microsoft 365 Copilot for Android (CVE-2026-41100) - Medium [214]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.4 | 15 | Spoofing | |
| 0.5 | 14 | Microsoft 365 Copilot for Android | |
| 0.4 | 10 | CVSS Base Score is 4.4. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.0004, EPSS Percentile is 0.12215 |
Elevation of Privilege (1)Qualys: Other Microsoft Vulnerability Highlights CVE-2026-33840 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33841 is an elevation of privilege vulnerability in the Windows Kernel. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate local privileges. CVE-2026-35416 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-35417 is an elevation of privilege vulnerability in the Windows Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33837 is an elevation of privilege vulnerability in Windows TCP/IP. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate privileges locally. CVE-2026-33835 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40369 is an elevation of privilege vulnerability in the Windows Kernel. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-40397 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40398 is an elevation of privilege vulnerability in the Windows Remote Desktop Services. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Tenable: CVE-2026-33841, CVE-2026-35420, CVE-2026-40369 | Windows Kernel Elevation of Privilege Vulnerabilities
Tenable: CVE-2026-33841, CVE-2026-35420 and CVE-2026-40369 are EoP vulnerabilities affecting the Windows Kernel. Each of the flaws have been assigned CVSSv3 scores of 7.8 and rated as important. Both CVE-2026-33841 and CVE-2026-40369 were assessed as "Exploitation More Likely," which could be abused by a local attacker to elevate to SYSTEM or Medium/High integrity level in the case of CVE-2026-33841. Including these three EoPs, there have been 13 disclosed Windows Kernel EoP vulnerabilities addressed so far in 2026.
Remote Code Execution (29)Qualys: CVE-2026-41096: Windows DNS Client Remote Code Execution Vulnerability A heap-based buffer overflow vulnerability in Microsoft Windows DNS may allow an unauthenticated attacker to execute arbitrary code remotely.
Rapid7: An attacker looking for a master key for Windows assets will pay attention to CVE-2026-41096, a critical RCE in the Windows DNS client implementation. A modern computer talks to DNS the way a child in the back of a car asks “are we there yet?” The variable and complex structure of DNS responses means that DNS client implementations are also complex and thus prone to flaws. Microsoft assesses exploitation as less likely, and we can hope that modern mitigations such as heap address randomization and optional-but-recommended encrypted channel DNS will make weaponization significantly more challenging by putting barriers across specific paths to exploitation. The DNS client on Windows runs as the NetworkService role, rather than SYSTEM, but a foothold is a foothold, and skilled attackers expect to chain exploits together.
ZDI: CVE-2026-41096 - Windows DNS Client Remote Code Execution Vulnerability. This patch fixes a heap-based buffer overflow in the DNS Client triggered by a malicious DNS response. No authentication or user interaction needed, and since the DNS Client runs on virtually every Windows machine, the attack surface is enormous. An attacker with a position to influence DNS responses (MitM, rogue server) could achieve unauthenticated RCE across your enterprise.
Qualys: CVE-2026-41089: Windows Netlogon Remote Code Execution Vulnerability A stack-based buffer overflow vulnerability in Windows Netlogon could allow an unauthenticated attacker to execute code over the network. An attacker may exploit the vulnerability by sending a specially crafted network request to a Windows server that is acting as a domain controller.
Tenable: CVE-2026-41089 | Windows Netlogon Remote Code Execution Vulnerability
Tenable: CVE-2026-41089 is a RCE vulnerability affecting Windows Netlogon, a Windows Server process used for authentication within a domain. It was assigned a CVSSv3 score of 9.8 and rated as critical. A remote, unauthenticated attacker could exploit this flaw by sending a crafted network request to a Windows server running as a domain controller. This packet could exploit a stack-based buffer overflow flaw, allowing the attacker to execute code on an affected system. Despite the critical severity and near perfect CVSSv3 score, this flaw was assessed by Microsoft as “Exploitation Less Likely.”
Rapid7: Anyone responsible for securing a domain controller should prioritize remediation of CVE-2026-41089, which is a critical stack-based buffer overflow in Windows Netlogon with a CVSS v3 base score of 9.8. Exploitation leads to execution in the context of the Netlogon service, so that’s SYSTEM privileges on the domain controller. For most pentesters, that’s the point at which the customer report more or less writes itself. No privileges or user interaction are required, and attack complexity is low, which suggests that creation of a reliable exploit might not be especially difficult for anyone with knowledge of the specific mechanism.
Rapid7: Microsoft assesses exploitation as less likely, but since those exploitability assessments are provided without an accompanying explanation, it’s not clear how much reassurance defenders should take. Anyone who remembers the much-discussed CVE-2020-1472 (aka ZeroLogon) back in 2020 will note that CVE-2026-41089 offers an attacker more immediate control of a domain controller. Patches are available for all versions of Windows Server from 2012 onwards.
ZDI: CVE-2026-41089 - Windows Netlogon Remote Code Execution Vulnerability. This update covers another CVSS 9.8 bug, which is a stack-based buffer overflow that lets an unauthenticated remote attacker execute code on a domain controller by sending a specially crafted network request — no credentials, no user interaction required. Yup – that makes it wormable. This is the highest-impact bug that requires immediate patching: a compromised domain controller is a compromised domain.
ZDI: CVE-2026-40415 - Windows TCP/IP Remote Code Execution Vulnerability. This bug in the TCP/IP stack results from a use-after-free (UAF) and could allow a remote, unauthenticated threat actor to execute code without user interaction. That makes this another wormable bug. However, this one is much less likely to be exploited. The target needs to be under sustained low-memory (memory pressure) conditions, which is pretty rare. Still, no need to tempt fate here. Test and deploy this one quickly.
Qualys: CVE-2026-40365: Microsoft SharePoint Server Remote Code Execution Vulnerability An insufficient access-control granularity flaw in Microsoft Office SharePoint Server allows an authenticated attacker to execute arbitrary code remotely.
Qualys: CVE-2026-40363 & CVE-2026-42831: Microsoft Office Remote Code Execution Vulnerability A heap-based buffer overflow vulnerability in Microsoft Office may allow an unauthenticated attacker to execute arbitrary code remotely.
Qualys: CVE-2026-40358: Microsoft Office Remote Code Execution Vulnerability A use-after-free vulnerability in Microsoft Office could allow an unauthenticated attacker to execute arbitrary code remotely.
Qualys: CVE-2026-35421: Windows GDI Remote Code Execution Vulnerability A heap-based buffer overflow vulnerability in Windows GDI could allow an unauthenticated attacker to execute arbitrary code remotely.
Qualys: CVE-2026-32161: Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability A race condition in the Windows Native WiFi Miniport Driver could allow an unauthenticated attacker to execute code over an adjacent network.
Qualys: CVE-2026-40364: Microsoft Word Remote Code Execution Vulnerability A type confusion vulnerability in Microsoft Word may allow an unauthenticated attacker to execute arbitrary code remotely.
Qualys: CVE-2026-40361 & CVE-2026-40366: Microsoft Word Remote Code Execution Vulnerability A use-after-free vulnerability in Microsoft Word may allow an unauthenticated attacker to execute arbitrary code remotely.
Qualys: CVE-2026-40367: Microsoft Word Remote Code Execution Vulnerability A pointer dereference vulnerability in Microsoft Word allows an unauthenticated attacker to execute code locally.
Tenable: CVE-2026-40361, CVE-2026-40364, CVE-2026-40366 and CVE-2026-40367 | Microsoft Word Remote Code Execution Vulnerabilities
Tenable: CVE-2026-40361, CVE-2026-40364, CVE-2026-40366 and CVE-2026-40367 RCE vulnerabilities affecting Microsoft Word. Each of these RCEs were assigned CVSSv3 scores of 8.4 and rated as critical, though CVE-2026-40361 and CVE-2026-40364 were the only ones assessed to be “Exploitation More Likely.” An attacker could exploit these flaws through social engineering by sending the malicious file to an intended target. Successful exploitation would grant code execution privileges to the attacker. Additionally, Microsoft notes that the Preview Pane is an attack vector for each of these vulnerabilities.
Qualys: CVE-2026-40403: Windows Graphics Component Remote Code Execution Vulnerability A heap-based buffer overflow vulnerability in Windows Win32K – GRFX may allow an authenticated attacker to execute code locally.
Qualys: CVE-2026-42898: Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability A code-injection vulnerability in Microsoft Dynamics 365 (on-premises) may allow an authenticated attacker to execute code over the network.
ZDI: CVE-2026-42898 - Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability. This bug rates a CVSS 9.9(!) and represents a code injection in Dynamics 365. It allows any authenticated user to execute code with a scope change, meaning exploitation can break out and affect resources beyond the vulnerable component itself. Scope changes are pretty rare, so if you’re running Dynamics 365 On-Prem, definitely test and deploy this patch quickly.
Security Feature Bypass (6)Elevation of Privilege (57)Qualys: Other Microsoft Vulnerability Highlights CVE-2026-33840 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33841 is an elevation of privilege vulnerability in the Windows Kernel. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate local privileges. CVE-2026-35416 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-35417 is an elevation of privilege vulnerability in the Windows Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33837 is an elevation of privilege vulnerability in Windows TCP/IP. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate privileges locally. CVE-2026-33835 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40369 is an elevation of privilege vulnerability in the Windows Kernel. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-40397 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40398 is an elevation of privilege vulnerability in the Windows Remote Desktop Services. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Qualys: Other Microsoft Vulnerability Highlights CVE-2026-33840 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33841 is an elevation of privilege vulnerability in the Windows Kernel. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate local privileges. CVE-2026-35416 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-35417 is an elevation of privilege vulnerability in the Windows Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33837 is an elevation of privilege vulnerability in Windows TCP/IP. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate privileges locally. CVE-2026-33835 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40369 is an elevation of privilege vulnerability in the Windows Kernel. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-40397 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40398 is an elevation of privilege vulnerability in the Windows Remote Desktop Services. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Tenable: CVE-2026-33841, CVE-2026-35420, CVE-2026-40369 | Windows Kernel Elevation of Privilege Vulnerabilities
Tenable: CVE-2026-33841, CVE-2026-35420 and CVE-2026-40369 are EoP vulnerabilities affecting the Windows Kernel. Each of the flaws have been assigned CVSSv3 scores of 7.8 and rated as important. Both CVE-2026-33841 and CVE-2026-40369 were assessed as "Exploitation More Likely," which could be abused by a local attacker to elevate to SYSTEM or Medium/High integrity level in the case of CVE-2026-33841. Including these three EoPs, there have been 13 disclosed Windows Kernel EoP vulnerabilities addressed so far in 2026.
Qualys: Other Microsoft Vulnerability Highlights CVE-2026-33840 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33841 is an elevation of privilege vulnerability in the Windows Kernel. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate local privileges. CVE-2026-35416 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-35417 is an elevation of privilege vulnerability in the Windows Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33837 is an elevation of privilege vulnerability in Windows TCP/IP. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate privileges locally. CVE-2026-33835 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40369 is an elevation of privilege vulnerability in the Windows Kernel. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-40397 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40398 is an elevation of privilege vulnerability in the Windows Remote Desktop Services. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Qualys: Other Microsoft Vulnerability Highlights CVE-2026-33840 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33841 is an elevation of privilege vulnerability in the Windows Kernel. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate local privileges. CVE-2026-35416 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-35417 is an elevation of privilege vulnerability in the Windows Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33837 is an elevation of privilege vulnerability in Windows TCP/IP. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate privileges locally. CVE-2026-33835 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40369 is an elevation of privilege vulnerability in the Windows Kernel. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-40397 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40398 is an elevation of privilege vulnerability in the Windows Remote Desktop Services. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Qualys: Other Microsoft Vulnerability Highlights CVE-2026-33840 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33841 is an elevation of privilege vulnerability in the Windows Kernel. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate local privileges. CVE-2026-35416 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-35417 is an elevation of privilege vulnerability in the Windows Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33837 is an elevation of privilege vulnerability in Windows TCP/IP. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate privileges locally. CVE-2026-33835 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40369 is an elevation of privilege vulnerability in the Windows Kernel. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-40397 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40398 is an elevation of privilege vulnerability in the Windows Remote Desktop Services. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Qualys: Other Microsoft Vulnerability Highlights CVE-2026-33840 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33841 is an elevation of privilege vulnerability in the Windows Kernel. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate local privileges. CVE-2026-35416 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-35417 is an elevation of privilege vulnerability in the Windows Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33837 is an elevation of privilege vulnerability in Windows TCP/IP. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate privileges locally. CVE-2026-33835 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40369 is an elevation of privilege vulnerability in the Windows Kernel. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-40397 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40398 is an elevation of privilege vulnerability in the Windows Remote Desktop Services. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Qualys: Other Microsoft Vulnerability Highlights CVE-2026-33840 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33841 is an elevation of privilege vulnerability in the Windows Kernel. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate local privileges. CVE-2026-35416 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-35417 is an elevation of privilege vulnerability in the Windows Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-33837 is an elevation of privilege vulnerability in Windows TCP/IP. The heap-based buffer overflow vulnerability may allow an authenticated attacker to elevate privileges locally. CVE-2026-33835 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40369 is an elevation of privilege vulnerability in the Windows Kernel. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-40397 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2026-40398 is an elevation of privilege vulnerability in the Windows Remote Desktop Services. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Qualys: CVE-2026-41103: Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability Incorrect implementation of the authentication algorithm in the Microsoft SSO Plugin for Jira & Confluence may allow an unauthenticated attacker to elevate their privileges across the network. An attacker could exploit this vulnerability by sending a specially crafted SSO response during the login process that tricks the system into accepting a forged identity. This could allow the attacker to sign in without authenticating the user through Microsoft Entra ID.
Tenable: Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103)
Tenable: CVE-2026-41103 | Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability
Tenable: CVE-2026-41103 is an elevation of privilege vulnerability affecting Microsoft Single-Sign-On (SSO) Plugin for Jira & Confluence. It was assigned a CVSSv3 score of 9.1 and is rated as critical. It was assessed as "Exploitation More Likely" according to Microsoft's Exploitability Index. An unauthorized attacker could exploit this vulnerability during the process of logging in by sending a specially crafted response message. Successful exploitation would allow the attacker to sign-in using a forged identity without Microsoft Entra ID authentication, enabling access to or allowing an attacker to modify data in Jira and Confluence. However, the accessible information is not unfettered, as it is limited by the access defined by the targeted servers for the authorized user.
Rapid7: If you’re still self-hosting Atlassian JIRA or Confluence and relying on the Microsoft Entra ID authentication plugin, you’ll want to know about CVE-2026-41103. This critical elevation of privilege vulnerability allows an unauthorized attacker to impersonate an existing user by presenting forged credentials, thus bypassing Entra ID. Microsoft expects that exploitation is more likely. Even if you can’t always find what you want on the corporate Confluence, a motivated attacker probably will. Curiously, the patch links on the advisory lead to older versions of the plugins published in 2024.
Tenable: Microsoft patched 118 CVEs in its May 2026 Patch Tuesday release, with 16 rated critical and 102 rated as important. Our counts omitted CVE-2025-54518, an AMD CPU OP Cache Corruption vulnerability issued by AMD.
Qualys: CVE-2026-40402: Windows Hyper-V Elevation of Privilege Vulnerability A use-after-free vulnerability in Windows Hyper-V may allow an unauthenticated attacker to elevate local privileges. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
Information Disclosure (9)Denial of Service (8)Spoofing (7)Tampering (2)