Overview
On July 15, NSFOCUS CERT monitored that Microsoft released its July security update patch, fixing 622 security issues. These affect widely used products such as Windows, Microsoft Office, Microsoft SQL Server, Visual Studio Code, Microsoft Edge, Azure, etc., which include high-risk vulnerability types such as remote code execution vulnerabilities, information disclosure vulnerabilities, and privilege escalation vulnerabilities.
Among the vulnerabilities fixed in Microsoft’s monthly update this month, 62 are rated as Critical, 553 as Important, 6 as Moderate, and 1 as Low. These include 2 vulnerabilities detected to be actively exploited in the wild:
- Active Directory Federation Services Privilege Escalation Vulnerability (CVE-2026-56155)
- Microsoft SharePoint Server Privilege Escalation Vulnerability (CVE-2026-56164)
Relevant users are requested to update the patches as soon as possible for protection. For the complete list of vulnerabilities, please refer to the Appendix.
Reference Link: https://msrc.microsoft.com/update-guide/releaseNote/2026-Jul
Key Vulnerabilities
Vulnerabilities with significant impact have been filtered from this update based on product popularity and vulnerability importance. Relevant users should focus on these:
Active Directory Federation Services Privilege Escalation Vulnerability (CVE-2026-56155):
A privilege escalation vulnerability exists in Active Directory Federation Services. Due to insufficient granularity of access control in Active Directory Federation Services, an authenticated attacker can trigger the vulnerability by constructing a specially crafted federation authentication request, thereby elevating privileges to administrator on the target server and forging a trusted identity within the domain. This vulnerability is actively exploited in the wild, with a CVSS score of 7.8.
Official Announcement Link: https://msrc.microsoft.com/update-guide/zh-cn/vulnerability/CVE-2026-56155
Microsoft SharePoint Server Privilege Escalation Vulnerability (CVE-2026-56164):
A privilege escalation vulnerability exists in Microsoft SharePoint Server. Due to the lack of an authentication mechanism in key features of SharePoint Server, unauthenticated attackers can exploit this vulnerability over the network, thereby elevating privileges on the target server. This vulnerability is actively exploited in the wild, with a CVSS score of 5.3. Official Announcement Link:
https://msrc.microsoft.com/update-guide/zh-cn/vulnerability/CVE-2026-56164
Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2026-50522):
A remote code execution vulnerability exists in SharePoint. Due to improper handling of XML external data input by the platform, unauthenticated attackers can send specially crafted XML requests to deserialize untrusted data, thereby executing arbitrary code on the target server. CVSS score of 9.8.
Official Announcement Link: https://msrc.microsoft.com/update-guide/zh-cn/vulnerability/CVE-2026-50522
Windows DHCP Server Remote Code Execution Vulnerability (CVE-2026-50518):
A remote code execution vulnerability exists in Windows DHCP Server. Due to improper handling of client network request inputs by the DHCP service, unauthenticated attackers can send specially crafted DHCP packets to trigger a buffer overflow, thereby executing arbitrary code on the target server. CVSS score of 9.8.
Official Announcement Link: https://msrc.microsoft.com/update-guide/zh-cn/vulnerability/CVE-2026-50518
Windows Server Network Driver Remote Code Execution Vulnerability (CVE-2026-56188):
A remote code execution vulnerability exists in the Windows Server Network driver. Due to concurrent use of shared resources and improper synchronization mechanisms in the system network driver, unauthenticated attackers can send specially crafted network packets to trigger a race condition, thereby executing arbitrary code on the target server. CVSS score of 9.8.
Official Announcement Link: https://msrc.microsoft.com/update-guide/zh-cn/vulnerability/CVE-2026-56188
Remote Desktop Protocol Remote Code Execution Vulnerability (CVE-2026-56190):
A remote code execution vulnerability exists in the Remote Desktop Protocol. Due to improper handling of remote connection packets by the system’s RDP service, unauthenticated attackers can send specially crafted Remote Desktop Protocol (RDP) traffic to a system with Network Level Authentication (NLA) disabled, thereby executing arbitrary code on the target host. CVSS score of 9.8.
Official Announcement Link: https://msrc.microsoft.com/update-guide/zh-cn/vulnerability/CVE-2026-56190
Windows VMSwitch Privilege Escalation Vulnerability (CVE-2026-57092):
A privilege escalation vulnerability exists in Windows VMSwitch. Due to a use-after-free issue in Windows VMSwitch, attackers can run code inside a guest virtual machine (Guest VM) and send specially crafted network requests to the Hyper-V virtual switch, causing the host to access invalidated memory, thereby resulting in a denial of service or achieving privilege escalation on the host system. CVSS score of 9.9.
Official Announcement Link: https://msrc.microsoft.com/update-guide/zh-cn/vulnerability/CVE-2026-57092
Microsoft Exchange Server Spoofing Vulnerability (CVE-2026-55008):
A spoofing vulnerability exists in Exchange Server. Due to the presence of cross-site scripting (XSS) during web page generation, unauthenticated attackers can send a specially crafted email to a user. If the user opens this email in OWA (Outlook Web Access) and meets specific conditions, arbitrary JavaScript code can be executed within the browser context. CVSS score of 9.6.
Official Announcement Link: https://msrc.microsoft.com/update-guide/zh-cn/vulnerability/CVE-2026-55008
Microsoft Copilot Remote Code Execution Vulnerability (CVE-2026-48561):
A remote code execution vulnerability exists in Copilot. Due to the lack of validation or origin checking for input requests by the Copilot program, unauthenticated attackers can entice a user to visit a malicious website to send specially crafted injection instructions, thereby executing arbitrary code on the target device. CVSS score of 9.6.
Official Announcement Link: https://msrc.microsoft.com/update-guide/zh-cn/vulnerability/CVE-2026-48561
Windows BitLocker Security Feature Bypass Vulnerability (CVE-2026-50661):
A security feature bypass vulnerability exists in Windows BitLocker. Due to improper handling of the pre-boot recovery environment validation workflow by BitLocker, an attacker with physical access to the device can trigger the vulnerability by loading specially crafted boot media, thereby bypassing the disk encryption validation mechanism to directly read all data within the encrypted disk. The vulnerability is currently publicly disclosed, with a CVSS score of 6.1.
Official Announcement Link: https://msrc.microsoft.com/update-guide/zh-cn/vulnerability/CVE-2026-50661
Scope of Impact
The following are some of the affected product versions for key focus vulnerabilities. For the scope of products affected by other vulnerabilities, please refer to the official announcement links.
| Vulnerability ID | Affected Product Versions |
| CVE-2026-56155 | Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows Server 2025 Windows Server 2025 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems |
| CVE-2026-56164 CVE-2026-50522 | Microsoft SharePoint Server Subscription Edition Microsoft SharePoint Server 2019 Microsoft SharePoint Enterprise Server 2016 |
| CVE-2026-50518 | Windows Server 2012 R2 Windows Server 2019 Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2012 R2 (Server Core installation) Windows Server 2025 Windows Server 2025 (Server Core installation) Windows Server 2022 |
| CVE-2026-56188 CVE-2026-56190 CVE-2026-57092 | Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 11 Version 26H1 for ARM64-based Systems Windows 11 version 26H1 for x64-based Systems Windows Server 2025 Windows 11 Version 24H2 for x64-based Systems Windows 11 Version 24H2 for ARM64-based Systems Windows 11 Version 25H2 for x64-based Systems Windows 11 Version 25H2 for ARM64-based Systems Windows Server 2025 (Server Core installation) Windows 10 Version 21H2 for 32-bit Systems Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 |
| CVE-2026-55008 | Microsoft Exchange Server Subscription Edition RTM Microsoft Exchange Server 2019 Cumulative Update 15 Microsoft Exchange Server 2019 Cumulative Update 14 Microsoft Exchange Server 2016 Cumulative Update 23 |
| CVE-2026-48561 | Microsoft 365 Copilot for iOS Microsoft 365 Copilot for Android |
| CVE-2026-50661 | Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 11 Version 26H1 for ARM64-based Systems Windows 11 version 26H1 for x64-based Systems Windows Server 2025 Windows 11 Version 24H2 for x64-based Systems Windows 11 Version 24H2 for ARM64-based Systems Windows 11 Version 25H2 for x64-based Systems Windows 11 Version 25H2 for ARM64-based Systems Windows Server 2025 (Server Core installation) Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems |
Mitigation
Patch Update
Currently, Microsoft official has released security patches to fix the above vulnerabilities for supported product versions. It is strongly recommended that affected users install the patches as soon as possible for protection. Official download link: https://msrc.microsoft.com/update-guide/releaseNote/2026-Jul
Note: Due to network issues, computer environment issues, or other reasons, Windows Update patch updates may fail. Users should promptly check whether the patches were successfully updated after installing them. Right-click the Windows icon, select “Settings (N)”, select “Update & Security” – “Windows Update”, and view the prompt information on that page. You can also click “View update history” to view past updates. For updates that have not been successfully installed, you can click on the update name to jump to the official Microsoft download page. It is recommended that users click the link on that page to go to the “Microsoft Update Catalog” website to download the standalone package and install it.
Appendix: Vulnerability List
| Affected products | CVE No. | Vulnerability Title | Severity |
|---|---|---|---|
| Azure | CVE-2026-26145 | Microsoft Azure Synapse privilege escalation vulnerability | Critical |
| Apps | CVE-2026-41106 | Microsoft 365 Copilot privilege escalation vulnerability | Critical |
| Windows | CVE-2026-42982 | Windows Secure Kernel Mode privilege escalation vulnerability | Critical |
| Azure | CVE-2026-45499 | Azure OpenAI privilege escalation vulnerability | Critical |
| Apps | CVE-2026-48561 | Microsoft Copilot Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-48564 | DHCP Server Service Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-49164 | Windows Active Directory Domain Services Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-49796 | Windows GDI+ Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-50314 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-50327 | Windows Media Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-50370 | DHCP Server Service Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-50380 | Windows GDI+ Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-50382 | DirectX Graphics Kernel remote code execution vulnerability | Critical |
| Windows | CVE-2026-50392 | Windows Secure Kernel Mode privilege escalation vulnerability | Critical |
| Windows | CVE-2026-50444 | Windows Server Update Service (WSUS) Privilege Escalation Vulnerability | Critical |
| Microsoft Office | CVE-2026-50467 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-50474 | Remote Desktop Client remote code execution vulnerability | Critical |
| Windows | CVE-2026-50518 | Windows DHCP Server Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-50522 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-50655 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-50680 | Windows Hyper-V privilege escalation vulnerability | Critical |
| Windows | CVE-2026-50694 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Microsoft SQL Server | CVE-2026-54117 | Microsoft SQL Server Remote Code Execution Vulnerability | Critical |
| Microsoft SQL Server | CVE-2026-54118 | Microsoft SQL Server Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-54121 | Active Directory Certificate Services privilege escalation vulnerability | Critical |
| Windows | CVE-2026-54127 | Windows Hyper-V privilege escalation vulnerability | Critical |
| Windows | CVE-2026-54128 | Windows DHCP Client Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-54982 | Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-54992 | Microsoft Message Queuing Queue Manager remote code execution vulnerability | Critical |
| Windows | CVE-2026-54995 | Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability | Critical |
| Microsoft Exchange Online | CVE-2026-54998 | Microsoft Exchange Online privilege escalation vulnerability | Critical |
| Windows | CVE-2026-54999 | Windows TCP/IP Remote Code Execution Vulnerability | Critical |
| Microsoft Exchange Server Subscription Edition RTM,Microsoft Exchange Server | CVE-2026-55008 | Microsoft Exchange Server spoofing vulnerability | Critical |
| Other | CVE-2026-55010 | Minecraft Bedrock Dedicated Server Remote Code Execution Vulnerability | Critical |
| System Center | CVE-2026-55011 | Microsoft Defender Remote Code Execution Vulnerability | Critical |
| System Center | CVE-2026-55012 | Microsoft Defender Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-55018 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-55022 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-55033 | Microsoft Word remote code execution vulnerability | Critical |
| Microsoft Office | CVE-2026-55040 | Microsoft SharePoint Server Security Function Bypass Vulnerability | Critical |
| Microsoft Office | CVE-2026-55043 | Microsoft PowerPoint remote code execution vulnerability | Critical |
| Microsoft Office | CVE-2026-55045 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-55049 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-55056 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-55120 | Microsoft PowerPoint remote code execution vulnerability | Critical |
| Microsoft Office | CVE-2026-55123 | Microsoft PowerPoint remote code execution vulnerability | Critical |
| Microsoft Office | CVE-2026-55127 | Microsoft Word remote code execution vulnerability | Critical |
| Microsoft Office | CVE-2026-55129 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-55132 | Microsoft Word remote code execution vulnerability | Critical |
| Microsoft Office | CVE-2026-55140 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Dynamics | CVE-2026-55944 | Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-56159 | DHCP Server Service Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-56188 | Windows Server Network driver remote code execution vulnerability | Critical |
| Windows | CVE-2026-56189 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-57087 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-57090 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-57092 | Microsoft Windows VMSwitch Privilege Escalation Vulnerability | Critical |
| Windows | CVE-2026-57094 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Critical |
| Azure | CVE-2026-57100 | Microsoft Entra Provisioning Service privilege escalation vulnerability | Critical |
| Windows | CVE-2026-58542 | Windows Media Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-58608 | Windows Print Spooler Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-58644 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-33842 | Windows File Explorer Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-34328 | Windows Audio Service Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-34346 | Windows Ancillary Function Driver for WinSock information disclosure vulnerability | Important |
| Windows | CVE-2026-34348 | Windows Event Logging Service Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-34349 | Windows Media Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-40378 | Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | Important |
| Windows | CVE-2026-40400 | Windows PowerShell remote code execution vulnerability | Important |
| Windows | CVE-2026-40422 | Windows File Explorer Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-41087 | Windows File Explorer Information Disclosure Vulnerability | Important |
| Visual Studio Code | CVE-2026-41109 | GitHub Copilot and Visual Studio Code security feature bypass vulnerability | Important |
| Windows | CVE-2026-42900 | Microsoft Windows App Store privilege escalation vulnerability | Important |
| Windows | CVE-2026-42975 | Windows Bluetooth Port Driver Remote Code Execution | Important |
| Windows | CVE-2026-42990 | SQL Server ODBC driver privilege escalation vulnerability | Important |
| Windows | CVE-2026-44800 | Windows Push Notifications privilege escalation vulnerability | Important |
| Windows | CVE-2026-44806 | Windows Secure Channel denial of service vulnerability | Important |
| Visual Studio Code | CVE-2026-45496 | Visual Studio Code security feature bypass vulnerability | Important |
| Microsoft.AspNet.OData,Microsoft.AspNetCore.OData | CVE-2026-45646 | OData for ASP.NET and ASP.NET Core Denial of Service Vulnerability | Important |
| Visual Studio Code | CVE-2026-47282 | GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2026-47290 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft SQL Server | CVE-2026-47295 | Microsoft SQL Server Privilege Escalation Vulnerability | Important |
| Microsoft SQL Server | CVE-2026-47296 | Microsoft SQL Server Privilege Escalation Vulnerability | Important |
| .NET 8.0 installed on Windows,.NET 8.0 installed on Linux,.NET 9.0 installed on Linux,Microsoft Visual Studio,.NET 10.0 installed on Linux,.NET 8.0 installed on Mac OS,.NET 9.0 installed on Windows,.NET 9.0 installed on Mac OS,.NET 10.0 installed on Mac OS | CVE-2026-47300 | ASP.NET Core privilege escalation vulnerability | Important |
| Windows,System Center | CVE-2026-47301 | Configuration Manager privilege escalation vulnerability | Important |
| Microsoft .NET Framework,.NET 8.0 installed on Windows,.NET 10.0 installed on Windows,Microsoft Visual Studio,.NET 8.0 installed on Linux,.NET 9.0 installed on Linux,.NET 10.0 installed on Linux,.NET 8.0 installed on Mac OS,.NET 9.0 installed on Windows,.NET 9.0 installed on Mac OS,.NET 10.0 installed on Mac OS | CVE-2026-47302 | .NET Denial of Service Vulnerability | Important |
| .NET 8.0 installed on Windows,.NET 9.0 installed on Linux,.NET 8.0 installed on Linux,Microsoft Visual Studio,.NET 10.0 installed on Linux,.NET 8.0 installed on Mac OS,.NET 9.0 installed on Windows,.NET 9.0 installed on Mac OS,.NET 10.0 installed on Mac OS | CVE-2026-47303 | ASP.NET Core privilege escalation vulnerability | Important |
| Microsoft Visual Studio | CVE-2026-47304 | .NET security feature bypass vulnerability | Important |
| Microsoft Visual Studio | CVE-2026-47305 | Visual Studio Remote Code Execution Vulnerability | Important |
| Azure | CVE-2026-47632 | Azure Monitor Agent Metrics Extension privilege escalation vulnerability | Important |
| Microsoft Office | CVE-2026-47642 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-48571 | Windows App Package Installer Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-48572 | Windows App Package Installer Privilege Escalation Vulnerability | Important |
| Microsoft Office | CVE-2026-48580 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Device | CVE-2026-48581 | Surface Broker SDMA privilege escalation vulnerability | Important |
| Windows | CVE-2026-49162 | Microsoft Brokering File System Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-49165 | Microsoft Windows App Store Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-49166 | Windows Print Configuration Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-49167 | Windows Kernel privilege escalation vulnerability | Important |
| Windows | CVE-2026-49168 | Storage Spaces Direct Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-49169 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-49170 | Windows StateRepository API Server file privilege escalation vulnerability | Important |
| Windows | CVE-2026-49171 | Windows Speech Runtime privilege escalation vulnerability | Important |
| Windows | CVE-2026-49172 | Windows FTP Service Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-49173 | Windows Kernel privilege escalation vulnerability | Important |
| Windows | CVE-2026-49174 | DNS Client Tampering Vulnerability | Important |
| Windows | CVE-2026-49175 | Windows DNS Client Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-49176 | Windows WalletService privilege escalation vulnerability | Important |
| Windows | CVE-2026-49177 | Windows TCP/IP Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-49178 | Windows Active Directory Domain Services Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-49180 | Universal Plug and Play (upnp.dll) information disclosure vulnerability | Important |
| Windows | CVE-2026-49181 | Windows DHCP Client Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-49183 | Windows Clipboard Server Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-49184 | Windows NTFS Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-49783 | Secure Boot security feature bypass vulnerability | Important |
| Windows | CVE-2026-49784 | Microsoft Windows App Store privilege escalation vulnerability | Important |
| Windows | CVE-2026-49787 | HTTP.sys denial of service vulnerability | Important |
| Windows | CVE-2026-49788 | HTTP/2 denial of service vulnerability | Important |
| Windows | CVE-2026-49789 | Windows NTFS privilege escalation vulnerability | Important |
| Windows | CVE-2026-49790 | Windows Universal Disk Format File System Driver (UDFS) Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-49791 | Windows Routing and Remote Access Service (RRAS) Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-49792 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-49793 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-49794 | Windows USB Audio Class Driver Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-49795 | Windows Kernel privilege escalation vulnerability | Important |
| Windows | CVE-2026-49797 | Windows NTFS Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-49798 | Windows Kernel privilege escalation vulnerability | Important |
| Windows | CVE-2026-49799 | Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | Important |
| Windows | CVE-2026-49800 | Windows Web Proxy Auto-Discovery Protocol (WPAD) Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-49801 | Windows SMB Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-49802 | Windows USB Print Driver privilege escalation vulnerability | Important |
| Windows | CVE-2026-49803 | Windows AppX Deployment Extensions privilege escalation vulnerability | Important |
| Windows | CVE-2026-49804 | Windows USB Video Driver privilege escalation vulnerability | Important |
| Windows | CVE-2026-49805 | Win32k Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-49806 | Windows USB Print Driver privilege escalation vulnerability | Important |
| Windows | CVE-2026-49807 | Windows DirectX Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-49808 | Windows Kernel privilege escalation vulnerability | Important |
| Windows | CVE-2026-50293 | Windows Internal Task Bar Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50294 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50295 | Windows Zero Trust DNS security feature bypass vulnerability | Important |
| Windows | CVE-2026-50296 | DirectX Graphics Kernel privilege escalation vulnerability | Important |
| Windows | CVE-2026-50297 | Win32k Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50298 | Windows Spaceport.sys privilege escalation vulnerability | Important |
| Windows | CVE-2026-50299 | Windows Storage Spaces Direct Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-50300 | Windows DWM Core Library Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2026-50301 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-50302 | Windows Cryptographic Services security feature bypass vulnerability | Important |
| Windows | CVE-2026-50303 | Windows Key Guard security feature bypass vulnerability | Important |
| Windows | CVE-2026-50304 | Windows Active Directory Federation Services Denial of Service Vulnerability | Important |
| Windows | CVE-2026-50305 | Microsoft Brokering File System Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50306 | Windows TCP/IP privilege escalation vulnerability | Important |
| Windows | CVE-2026-50307 | Windows TCP/IP privilege escalation vulnerability | Important |
| Windows | CVE-2026-50308 | Windows NTFS Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-50309 | Windows NTFS Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-50310 | Windows Human Interface Device Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50311 | Windows Server privilege escalation vulnerability | Important |
| Windows | CVE-2026-50312 | Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50313 | Windows NTFS Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-50315 | Windows Image Acquisition privilege escalation vulnerability | Important |
| Windows | CVE-2026-50316 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50317 | Windows Operating Systems Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50318 | Windows Resilient File System (ReFS) Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50321 | Windows USB Driver Escalation Vulnerability | Important |
| Windows | CVE-2026-50322 | Windows Runtime Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50323 | Windows Runtime Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50324 | Windows Active Directory Federation Services Denial of Service Vulnerability | Important |
| Windows | CVE-2026-50325 | Win32k Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50326 | Windows Unified Consent System Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50328 | Windows Server Update Service (WSUS) Tampering Vulnerability | Important |
| Windows | CVE-2026-50329 | Microsoft DWM Core Library Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50330 | Windows Remote Desktop Client Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50331 | Windows Application Model Core API privilege escalation vulnerability | Important |
| Windows | CVE-2026-50332 | Windows Kernel privilege escalation vulnerability | Important |
| Windows | CVE-2026-50333 | Windows Spaceport.sys privilege escalation vulnerability | Important |
| Windows | CVE-2026-50334 | Windows Push Notification Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50335 | Windows Operating Systems Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50336 | Windows Media Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50337 | Windows Notification privilege escalation vulnerability | Important |
| Azure | CVE-2026-50338 | Azure Spring Apps Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50339 | Windows Push Notification Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50340 | Windows Runtime Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50341 | Windows NTFS Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50342 | Windows MIDI Service Module Elevation of Privileges Vulnerability | Important |
| Windows | CVE-2026-50343 | Microsoft Install Service privilege escalation vulnerability | Important |
| Windows | CVE-2026-50344 | Windows OLE privilege escalation vulnerability | Important |
| Windows | CVE-2026-50345 | Windows Runtime Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50346 | Netlogon RPC privilege escalation vulnerability | Important |
| Windows | CVE-2026-50347 | Windows Data.dll Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-50348 | Windows Runtime Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50350 | Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50351 | Windows Audio Compression Manager (ACM) Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50352 | Windows Cryptographic Services Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50353 | DirectX Graphics Kernel privilege escalation vulnerability | Important |
| Windows | CVE-2026-50354 | Windows Kernel privilege escalation vulnerability | Important |
| Windows | CVE-2026-50355 | Windows Active Directory Federation Services Denial of Service Vulnerability | Important |
| Windows | CVE-2026-50356 | Microsoft Windows App Store privilege escalation vulnerability | Important |
| Windows | CVE-2026-50357 | Windows Resilient File System (ReFS) Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50358 | Windows Media Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50359 | Microsoft XML Core Services privilege escalation vulnerability | Important |
| Windows | CVE-2026-50360 | Windows SMB Server Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50361 | Microsoft Brokering File System Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50362 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-50363 | Windows Push Notifications privilege escalation vulnerability | Important |
| Windows | CVE-2026-50364 | Windows Backup Service privilege escalation vulnerability | Important |
| Windows | CVE-2026-50365 | Remote Access Management service/API (RPC server) privilege escalation vulnerability | Important |
| Windows | CVE-2026-50366 | Windows Active Directory Domain Services Denial of Service Vulnerability | Important |
| Windows | CVE-2026-50367 | Windows Sensor Data Service privilege escalation vulnerability | Important |
| Windows | CVE-2026-50368 | Windows Active Directory Federation Services Denial of Service Vulnerability | Important |
| Windows | CVE-2026-50369 | Windows Remote Desktop Services privilege escalation vulnerability | Important |
| Windows | CVE-2026-50371 | Windows LUA File Virtualization Filter Driver Escalation Vulnerability | Important |
| Windows | CVE-2026-50372 | Windows Redirected Drive Buffering System Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50373 | Windows Search Service privilege escalation vulnerability | Important |
| Windows | CVE-2026-50374 | Windows Cloud Files Mini Filter Driver privilege escalation vulnerability | Important |
| Windows | CVE-2026-50375 | DirectX Graphics Kernel privilege escalation vulnerability | Important |
| Windows | CVE-2026-50376 | Windows Remote Desktop Client information disclosure vulnerability | Important |
| Windows | CVE-2026-50377 | Windows Kernel privilege escalation vulnerability | Important |
| Windows | CVE-2026-50378 | Windows Key Guard privilege escalation vulnerability | Important |
| Windows | CVE-2026-50379 | Windows Media Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50381 | Composite Image File System driver (cimfs.sys) information disclosure vulnerability | Important |
| Windows | CVE-2026-50383 | Windows Print Spooler Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50384 | Windows Clip Service privilege escalation vulnerability | Important |
| Windows | CVE-2026-50385 | Windows Runtime Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50386 | Windows NTFS Remote Code Execution Vulnerability | Important |
| Windows,Microsoft Office | CVE-2026-50387 | Windows GDI privilege escalation vulnerability | Important |
| Windows | CVE-2026-50388 | Windows NTFS Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-50389 | Windows File Explorer Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50390 | Windows Kernel privilege escalation vulnerability | Important |
| Windows | CVE-2026-50391 | Windows Group Policy Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50393 | Windows Kernel-Mode Driver privilege escalation vulnerability | Important |
| Windows | CVE-2026-50394 | Windows Media Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50396 | Windows Kernel-Mode Driver privilege escalation vulnerability | Important |
| Windows | CVE-2026-50397 | Windows Kernel privilege escalation vulnerability | Important |
| Windows | CVE-2026-50398 | Windows Media Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50399 | Windows Kernel privilege escalation vulnerability | Important |
| Windows | CVE-2026-50400 | Windows App Package Installer Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50401 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50402 | NTFS privilege escalation vulnerability | Important |
| Windows | CVE-2026-50403 | Windows Runtime Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50404 | Windows Media Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50405 | Windows Filtering Platform Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50406 | Windows Backup Engine Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50407 | Windows Resilient File System (ReFS) Privilege Escalation Vulnerability | Important |
| Microsoft Office | CVE-2026-50408 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50409 | Windows Overlay Filter Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50410 | Windows Runtime Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50411 | Windows Active Directory Federation Services Denial of Service Vulnerability | Important |
| Windows | CVE-2026-50412 | Windows NTFS privilege escalation vulnerability | Important |
| Windows | CVE-2026-50413 | Windows Runtime Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50414 | Windows Media Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50415 | Windows Media Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50416 | Win32k information leakage vulnerability | Important |
| Windows | CVE-2026-50417 | Windows NTFS Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-50418 | Windows System Secure Function Bypass Vulnerability | Important |
| Windows | CVE-2026-50419 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50420 | HTTP.sys information disclosure vulnerability | Important |
| Windows | CVE-2026-50421 | Windows Connected User Experiences and Telemetry privilege escalation vulnerability | Important |
| Windows | CVE-2026-50422 | Windows NTFS privilege escalation vulnerability | Important |
| Windows | CVE-2026-50423 | Windows Kernel privilege escalation vulnerability | Important |
| Windows | CVE-2026-50424 | Windows Domain Controller Denial of Service Vulnerability | Important |
| Windows | CVE-2026-50425 | Windows Internal System User Profile privilege escalation vulnerability | Important |
| Windows | CVE-2026-50426 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-50427 | Content Delivery Manager Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50428 | Windows Container Isolation FS Filter Driver (unionfs.sys) Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50429 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50430 | Windows Push Notification Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50431 | Windows Quality of Service (QoS) Packet Scheduler information disclosure vulnerability | Important |
| Windows | CVE-2026-50432 | Window Virtual Filtering Platform (VFP) Denial of Service Vulnerability | Important |
| Windows | CVE-2026-50433 | Windows Media Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50434 | Windows Push Notification Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50435 | Windows Overlay Filter privilege escalation vulnerability | Important |
| Windows | CVE-2026-50436 | Windows Kernel privilege escalation vulnerability | Important |
| Windows | CVE-2026-50437 | Windows DWM Core Library Information Disclosure Vulnerability | Important |
| Apps | CVE-2026-50438 | Microsoft PC Manager privilege escalation vulnerability | Important |
| Windows | CVE-2026-50439 | Microsoft Message Queuing Queue Manager remote code execution vulnerability | Important |
| Windows | CVE-2026-50440 | Windows Audio Service privilege escalation vulnerability | Important |
| Windows | CVE-2026-50441 | Windows Resilient File System (ReFS) Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50442 | Windows File Explorer Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50445 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50447 | Windows Message Queuing Service (MSMQ) Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-50448 | Windows NTFS Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-50449 | Windows Runtime Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50450 | Windows Network Connections Service privilege escalation vulnerability | Important |
| Windows | CVE-2026-50451 | Windows Routing and Remote Access Service (RRAS) Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50452 | Windows Runtime Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50453 | Windows USB Audio Class Driver Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50454 | Windows User Interface Core Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50455 | Universal Plug and Play (upnp.dll) information disclosure vulnerability | Important |
| Windows | CVE-2026-50456 | Windows File Explorer Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50457 | Windows Runtime Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50458 | Microsoft Brokering File System Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50459 | Windows Kernel privilege escalation vulnerability | Important |
| Windows | CVE-2026-50460 | Windows Runtime Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50461 | Windows NTFS Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-50462 | Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50463 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50465 | Windows DNS Client Tampering Vulnerability | Important |
| Windows | CVE-2026-50466 | Microsoft Brokering File System Privilege Escalation Vulnerability | Important |
| Microsoft SQL Server | CVE-2026-50468 | Microsoft SQL Server Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50469 | Windows Projected File System Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50470 | Windows Network Policy Server SNMP Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50471 | Windows NTFS Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-50473 | Windows File Explorer Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50475 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50476 | Windows Network Connections Service privilege escalation vulnerability | Important |
| Windows | CVE-2026-50477 | Windows Kernel privilege escalation vulnerability | Important |
| Windows | CVE-2026-50478 | Windows Kernel privilege escalation vulnerability | Important |
| Windows | CVE-2026-50479 | Windows USB Hub Driver privilege escalation vulnerability | Important |
| Windows | CVE-2026-50480 | Windows Web Proxy Auto-Discovery Protocol (WPAD) Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50482 | Windows NTFS Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-50483 | Windows Graphics Component Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50484 | Windows Kernel privilege escalation vulnerability | Important |
| Windows | CVE-2026-50485 | Windows Hyper-V denial of service vulnerability | Important |
| Windows | CVE-2026-50486 | Windows Runtime Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50487 | Windows DNS Client Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50488 | Clipboard User Service privilege escalation vulnerability | Important |
| Windows | CVE-2026-50489 | Win32k Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50490 | Windows Installer privilege escalation vulnerability | Important |
| Windows | CVE-2026-50491 | Code Integrity DLL (ci.dll) privilege escalation vulnerability | Important |
| Windows | CVE-2026-50492 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-50493 | DirectX Graphics Kernel privilege escalation vulnerability | Important |
| Windows | CVE-2026-50494 | Windows NTFS Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-50495 | DNS Client Tampering Vulnerability | Important |
| Windows | CVE-2026-50496 | Windows Network Policy Server SNMP Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50497 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50498 | Windows Universal Disk Format File System Driver (UDFS) Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50499 | Windows Print Spooler privilege escalation vulnerability | Important |
| Windows | CVE-2026-50500 | Windows Netlogon Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50501 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-50502 | Windows Event Logging Service Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-50503 | Windows Runtime Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50504 | Windows Remote Desktop Client information disclosure vulnerability | Important |
| Windows | CVE-2026-50505 | Windows Message Queuing Service (MSMQ) Remote Code Execution Vulnerability | Important |
| Microsoft.AspNet.OData,Microsoft.AspNetCore.OData | CVE-2026-50506 | OData for ASP.NET and ASP.NET Core Denial of Service Vulnerability | Important |
| Windows | CVE-2026-50509 | Wireless Wide Area Network Service (WwanSvc) Privilege Escalation Vulnerability | Important |
| Other | CVE-2026-50510 | GitHub Copilot remote code execution vulnerability | Important |
| Visual Studio Code | CVE-2026-50520 | Visual Studio Code Remote Code Execution Vulnerability | Important |
| .NET 8.0 installed on Windows,.NET 8.0 installed on Linux,Microsoft Visual Studio,.NET 9.0 installed on Linux,.NET 10.0 installed on Linux,.NET 8.0 installed on Mac OS,.NET 9.0 installed on Windows,.NET 9.0 installed on Mac OS,.NET 10.0 installed on Mac OS | CVE-2026-50524 | .NET Framework Denial of Service Vulnerability | Important |
| .NET 8.0 installed on Windows,.NET 8.0 installed on Linux,Microsoft Visual Studio,.NET 9.0 installed on Linux,.NET 10.0 installed on Linux,.NET 8.0 installed on Mac OS,.NET 9.0 installed on Windows,.NET 9.0 installed on Mac OS,.NET 10.0 installed on Mac OS | CVE-2026-50525 | .NET Denial of Service Vulnerability | Important |
| .NET 8.0 installed on Linux,.NET 9.0 installed on Linux,Microsoft Visual Studio,.NET 8.0 installed on Windows,.NET 10.0 installed on Linux,.NET 8.0 installed on Mac OS,.NET 9.0 installed on Windows,.NET 9.0 installed on Mac OS,.NET 10.0 installed on Mac OS | CVE-2026-50526 | .NET Tampering Vulnerability | Important |
| Microsoft .NET Framework,.NET 8.0 installed on Linux,.NET 8.0 installed on Windows,.NET 9.0 installed on Linux,Microsoft Visual Studio,.NET 10.0 installed on Linux,.NET 8.0 installed on Mac OS,.NET 9.0 installed on Windows,.NET 9.0 installed on Mac OS,.NET 10.0 installed on Mac OS | CVE-2026-50527 | .NET Framework Denial of Service Vulnerability | Important |
| .NET 8.0 installed on Linux,.NET 8.0 installed on Windows,Microsoft Visual Studio,.NET 9.0 installed on Linux,.NET 10.0 installed on Linux,.NET 8.0 installed on Mac OS,.NET 9.0 installed on Windows,.NET 9.0 installed on Mac OS,.NET 10.0 installed on Mac OS | CVE-2026-50528 | .NET security feature bypass vulnerability | Important |
| .NET 9.0 installed on Windows,Microsoft .NET Framework,.NET 8.0 installed on Windows,Microsoft Visual Studio | CVE-2026-50646 | .NET Framework Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-50647 | Active Directory Federation Server denial of service vulnerability | Important |
| Microsoft .NET Framework,.NET 8.0 installed on Windows,.NET 8.0 installed on Linux,.NET 9.0 installed on Linux,Microsoft Visual Studio,.NET 10.0 installed on Linux,.NET 8.0 installed on Mac OS,.NET 9.0 installed on Windows,.NET 9.0 installed on Mac OS,.NET 10.0 installed on Mac OS | CVE-2026-50648 | .NET Framework Denial of Service Vulnerability | Important |
| .NET 9.0 installed on Windows,.NET 8.0 installed on Windows,Microsoft Visual Studio | CVE-2026-50649 | .NET Remote Code Execution Vulnerability | Important |
| .NET 9.0 installed on Windows,Microsoft .NET Framework,.NET 8.0 installed on Windows,Microsoft Visual Studio | CVE-2026-50650 | .NET Framework Privilege Escalation Vulnerability | Important |
| .NET 8.0 installed on Windows,.NET 8.0 installed on Linux,Microsoft Visual Studio,.NET 9.0 installed on Linux,.NET 10.0 installed on Linux,.NET 8.0 installed on Mac OS,.NET 9.0 installed on Windows,.NET 9.0 installed on Mac OS,.NET 10.0 installed on Mac OS | CVE-2026-50651 | .NET Denial of Service Vulnerability | Important |
| Azure | CVE-2026-50652 | Azure Active Directory denial of service vulnerability | Important |
| Azure | CVE-2026-50653 | Azure Active Directory denial of service vulnerability | Important |
| System Center | CVE-2026-50657 | Microsoft Defender for Endpoint for Mac Information Disclosure Vulnerability | Important |
| System Center | CVE-2026-50658 | Microsoft Defender for Endpoint for Mac Privilege Escalation Vulnerability | Important |
| .NET 8.0 installed on Windows,.NET 8.0 installed on Linux,Microsoft Visual Studio,.NET 9.0 installed on Linux,.NET 10.0 installed on Linux,.NET 8.0 installed on Mac OS,.NET 9.0 installed on Windows,.NET 9.0 installed on Mac OS,.NET 10.0 installed on Mac OS | CVE-2026-50659 | .NET Spoofing Vulnerability | Important |
| Windows | CVE-2026-50661 | Windows BitLocker security feature bypass vulnerability | Important |
| Other | CVE-2026-50663 | Game: Age of Empires II: Definitive Edition remote code execution vulnerability | Important |
| Microsoft Office | CVE-2026-50665 | Microsoft Office Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50666 | Windows Remote Access privilege escalation vulnerability | Important |
| Windows | CVE-2026-50667 | Windows Common Log File System Driver Escalation Vulnerability | Important |
| Windows | CVE-2026-50668 | Windows Resilient File System (ReFS) Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50669 | Windows Telephony Server privilege escalation vulnerability | Important |
| Windows | CVE-2026-50670 | Windows Win32k Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50672 | Windows NTFS privilege escalation vulnerability | Important |
| Windows | CVE-2026-50673 | Windows Kernel privilege escalation vulnerability | Important |
| Windows | CVE-2026-50674 | Windows USB Print Driver privilege escalation vulnerability | Important |
| Microsoft Office | CVE-2026-50675 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-50676 | Windows Media Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50677 | Windows Media Privilege Escalation Vulnerability | Important |
| Microsoft Office | CVE-2026-50678 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50679 | Windows Search Service privilege escalation vulnerability | Important |
| Windows | CVE-2026-50681 | Windows Secure Channel Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50682 | Active Directory denial of service vulnerability | Important |
| Windows | CVE-2026-50683 | Windows DHCP Client Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50684 | Active Directory Federation Server spoofing vulnerability | Important |
| Windows | CVE-2026-50685 | Windows DHCP Server Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-50686 | Windows OLE Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-50687 | Windows Win32k Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50688 | Windows Win32k Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50689 | Windows Clipboard Server Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50690 | Windows SMB Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-50692 | Desktop Window Manager Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-50695 | Windows Active Directory Federation Services Denial of Service Vulnerability | Important |
| Windows | CVE-2026-50696 | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | Important |
| Windows | CVE-2026-50697 | Windows Common Log File System Driver Escalation Vulnerability | Important |
| Windows | CVE-2026-54107 | Windows Win32k Privilege Escalation Vulnerability | Important |
| Microsoft Office | CVE-2026-54108 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Windows | CVE-2026-54109 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-54111 | Universal Print Management Service Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-54112 | Windows Win32k Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-54114 | Windows Win32k Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-54115 | Windows Message Queuing (MSMQ) Privilege Escalation Vulnerability | Important |
| Microsoft SQL Server | CVE-2026-54116 | Microsoft SQL Server Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-54119 | Windows Active Directory denial of service vulnerability | Important |
| Windows | CVE-2026-54122 | Windows GDI+ Remote Code Execution Vulnerability | Important |
| Windows,Apps | CVE-2026-54124 | Windows Terminal Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-54125 | Windows Runtime Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-54126 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-54129 | Windows Hyper-V privilege escalation vulnerability | Important |
| Microsoft Office | CVE-2026-54131 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-54132 | Windows Kernel privilege escalation vulnerability | Important |
| Windows | CVE-2026-54983 | Windows Active Directory Federation Services Denial of Service Vulnerability | Important |
| Windows | CVE-2026-54986 | Windows Win32k Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-54987 | Windows Overlay Filter privilege escalation vulnerability | Important |
| Microsoft Office | CVE-2026-54988 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-54989 | Quality Windows Audio/Video Experience (QWAVE) privilege escalation vulnerability | Important |
| Windows | CVE-2026-54990 | Remote Desktop Client remote code execution vulnerability | Important |
| Windows | CVE-2026-54991 | Windows USB Print Driver privilege escalation vulnerability | Important |
| Windows | CVE-2026-54993 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-54996 | Windows USB Print Driver privilege escalation vulnerability | Important |
| Windows | CVE-2026-54997 | Windows SMB Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-55000 | Windows USB Print Driver privilege escalation vulnerability | Important |
| Windows | CVE-2026-55001 | Active Directory Domain Services privilege escalation vulnerability | Important |
| Microsoft SQL Server | CVE-2026-55002 | Microsoft SQL Server Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-55003 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-55004 | Windows Print Configuration Privilege Escalation Vulnerability | Important |
| Microsoft Exchange Server Subscription Edition RTM,Microsoft Exchange Server | CVE-2026-55005 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server Subscription Edition RTM,Microsoft Exchange Server | CVE-2026-55006 | Microsoft Exchange Server privilege escalation vulnerability | Important |
| Microsoft Exchange Server Subscription Edition RTM,Microsoft Exchange Server | CVE-2026-55009 | Microsoft Exchange Server privilege escalation vulnerability | Important |
| Windows | CVE-2026-55014 | Windows Remote Help Defense privilege escalation vulnerability | Important |
| Microsoft Office | CVE-2026-55016 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2026-55017 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-55019 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2026-55020 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2026-55021 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2026-55023 | Microsoft Office Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2026-55024 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-55025 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-55026 | Microsoft Office Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2026-55027 | Microsoft Office Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2026-55028 | Microsoft Office Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2026-55029 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-55030 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2026-55031 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-55032 | Microsoft Word remote code execution vulnerability | Important |
| Microsoft Office | CVE-2026-55034 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2026-55035 | Microsoft Office Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2026-55036 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-55037 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-55038 | Microsoft Word remote code execution vulnerability | Important |
| Microsoft Office | CVE-2026-55039 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-55041 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-55042 | Microsoft Office Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2026-55044 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-55046 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2026-55047 | Microsoft Office Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2026-55048 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-55050 | Microsoft Word Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2026-55051 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2026-55052 | Microsoft SharePoint privilege escalation vulnerability | Important |
| Microsoft Office | CVE-2026-55053 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-55054 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2026-55055 | Microsoft Word remote code execution vulnerability | Important |
| Microsoft Office | CVE-2026-55057 | Microsoft Office Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2026-55058 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-55121 | Microsoft Office Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2026-55122 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2026-55124 | Microsoft Word Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2026-55125 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-55126 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2026-55128 | Microsoft Word remote code execution vulnerability | Important |
| Microsoft Office | CVE-2026-55130 | Microsoft Word remote code execution vulnerability | Important |
| Microsoft Office | CVE-2026-55131 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-55133 | Microsoft OneNote remote code execution vulnerability | Important |
| Microsoft Office | CVE-2026-55134 | Microsoft Word remote code execution vulnerability | Important |
| Microsoft Office | CVE-2026-55135 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2026-55136 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-55137 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-55138 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2026-55139 | Microsoft Office Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2026-55141 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-55142 | Microsoft Word Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-55144 | Windows Cryptography API: Next Generation (CNG) Tampering Vulnerability | Important |
| Microsoft Office | CVE-2026-55898 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2026-55899 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-55947 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-55948 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-55949 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-56155 | Active Directory Federation Services Privilege Escalation Vulnerability | Important |
| Microsoft Office | CVE-2026-56156 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-56157 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Windows | CVE-2026-56168 | Windows SMB Server Denial of Service Vulnerability | Important |
| Windows | CVE-2026-56169 | Windows Admin Center Privilege Escalation Vulnerability | Important |
| .NET 8.0 installed on Windows,.NET 8.0 installed on Linux,.NET 9.0 installed on Linux,.NET 10.0 installed on Linux,.NET 8.0 installed on Mac OS,.NET 9.0 installed on Windows,.NET 9.0 installed on Mac OS,.NET 10.0 installed on Mac OS | CVE-2026-56170 | ASP.NET Core denial of service vulnerability | Important |
| Windows | CVE-2026-56173 | Windows WebView Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-56175 | Windows NTFS privilege escalation vulnerability | Important |
| Windows | CVE-2026-56176 | Windows Win32k Privilege Escalation Vulnerability | Important |
| System Center | CVE-2026-56178 | Microsoft Defender for Endpoint for Mac Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-56182 | Windows NTFS privilege escalation vulnerability | Important |
| Windows | CVE-2026-56183 | Windows MIDI Service Module Elevation of Privileges Vulnerability | Important |
| Windows | CVE-2026-56184 | Win32k information leakage vulnerability | Important |
| Windows | CVE-2026-56185 | Windows Admin Center Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-56186 | Windows Secure Channel Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-56187 | Windows MIDI Service Module Elevation of Privileges Vulnerability | Important |
| Windows | CVE-2026-56190 | Remote Desktop Protocol remote code execution vulnerability | Important |
| Microsoft Office | CVE-2026-56192 | Microsoft Office Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2026-56193 | Microsoft Office Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-56194 | Windows NFS Server Privilege Escalation Vulnerability | Important |
| Microsoft Office | CVE-2026-56195 | Microsoft Office Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-56196 | Windows Admin Center (WAC) Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-56197 | Windows Admin Center (WAC) Remote Code Execution Vulnerability | Important |
| Fabric Data Warehouse | CVE-2026-56642 | Microsoft Fabric Data Warehouse Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-56643 | DirectX Graphics Kernel privilege escalation vulnerability | Important |
| Windows | CVE-2026-56644 | DirectX Graphics Kernel privilege escalation vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-56645 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-56646 | Microsoft Edge (Chromium-based) spoofing vulnerability | Important |
| Windows | CVE-2026-56647 | Windows Remote Access Service Infrastructure privilege escalation vulnerability | Important |
| Windows | CVE-2026-56648 | Windows NFS Server Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-56649 | Windows Network File System Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-56650 | Windows Network File System Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-57083 | Windows Media Photo Codec Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-57084 | Windows File Explorer Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-57085 | Windows Print Spooler Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-57088 | Extensible Storage Engine (ESENT) privilege escalation vulnerability | Important |
| Windows | CVE-2026-57089 | Windows SMB Server Network Transport Driver (srvnet.sys) Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-57091 | Windows File History Service privilege escalation vulnerability | Important |
| Windows | CVE-2026-57093 | Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-57095 | Win32k Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-57096 | Windows Routing and Remote Access Service (RRAS) Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-57097 | Microsoft XML Security Function Bypass Vulnerability | Important |
| Visual Studio Code | CVE-2026-57101 | Visual Studio Code security feature bypass vulnerability | Important |
| Visual Studio Code | CVE-2026-57102 | Visual Studio Code security feature bypass vulnerability | Important |
| Windows | CVE-2026-57107 | Windows Admin Center Privilege Escalation Vulnerability | Important |
| .NET 8.0 installed on Windows,.NET 8.0 installed on Linux,.NET 9.0 installed on Linux,.NET 10.0 installed on Linux,.NET 8.0 installed on Mac OS,.NET 9.0 installed on Windows,.NET 9.0 installed on Mac OS,.NET 10.0 installed on Mac OS | CVE-2026-57108 | .NET Denial of Service Vulnerability | Important |
| Open Source Software | CVE-2026-57968 | Windows Subsystem for Linux (WSL2) Kernel privilege escalation vulnerability | Important |
| Azure | CVE-2026-57969 | Azure CycleCloud privilege escalation vulnerability | Important |
| Open Source Software | CVE-2026-57973 | Windows Subsystem for Linux (WSL2) Kernel Tampering Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-57974 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-57975 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-57976 | Windows Active Directory Domain Services Denial of Service Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-57977 | Microsoft Edge (Chromium-based) spoofing vulnerability | Important |
| Windows | CVE-2026-57979 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-57981 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-57982 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-57983 | Microsoft Edge (Chromium-based) security feature bypass vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-57984 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-57985 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-57986 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-57987 | Microsoft Edge (Chromium-based) spoofing vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-57988 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-57991 | Microsoft Edge (Chromium-based) information disclosure vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-57992 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-57993 | Microsoft Edge (Chromium-based) spoofing vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-58276 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-58277 | Microsoft SharePoint privilege escalation vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-58278 | Microsoft Edge (Chromium-based) spoofing vulnerability | Important |
| Azure | CVE-2026-58279 | Azure CycleCloud privilege escalation vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-58281 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-58282 | Microsoft Edge (Chromium-based) spoofing vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-58283 | Microsoft Edge (Chromium-based) spoofing vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-58284 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-58285 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-58286 | Microsoft Edge (Chromium-based) spoofing vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-58287 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-58288 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-58289 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-58290 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-58291 | Microsoft Edge (Chromium-based) information disclosure vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-58292 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-58293 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-58294 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-58295 | Microsoft Edge (Chromium-based) security feature bypass vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-58296 | Microsoft Edge for Android Information Disclosure Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-58297 | Microsoft Edge for Android Information Disclosure Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-58298 | Microsoft Edge (Chromium-based) spoofing vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-58299 | Microsoft Edge for Android Remote Code Execution Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-58300 | Microsoft Edge for Android Information Disclosure Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-58522 | Microsoft Edge for Android Information Disclosure Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-58523 | Microsoft Edge for Android security feature bypass vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-58524 | Microsoft Edge (Chromium-based) spoofing vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-58525 | Microsoft Edge (Chromium-based) security feature bypass vulnerability | Important |
| Windows | CVE-2026-58526 | Windows Storage Permission Escalation Vulnerability | Important |
| Windows | CVE-2026-58527 | Windows Runtime Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-58528 | Windows USB Audio Class Driver Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-58529 | Windows Active Directory Federation Services (ADFS) Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-58530 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-58531 | Windows SMB privilege escalation vulnerability | Important |
| Windows | CVE-2026-58532 | Windows Kernel privilege escalation vulnerability | Important |
| Windows | CVE-2026-58533 | Windows Remote Desktop Client information disclosure vulnerability | Important |
| Windows | CVE-2026-58534 | Windows Input Method Editor (IME) Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-58535 | Windows Remote Desktop Client information disclosure vulnerability | Important |
| Windows | CVE-2026-58536 | Windows Cloud Files Mini Filter Driver privilege escalation vulnerability | Important |
| Windows | CVE-2026-58537 | Microsoft NAT Helper Components (ipnathlp.dll) Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-58538 | Windows Bluetooth Service Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-58539 | Windows Remote Desktop Client information disclosure vulnerability | Important |
| Windows | CVE-2026-58540 | Windows Installer privilege escalation vulnerability | Important |
| Windows | CVE-2026-58541 | Microsoft DWM Core Library Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-58543 | Universal Print Management Service Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-58544 | Windows Management Services Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-58545 | Windows Kernel security feature bypass vulnerability | Important |
| Windows | CVE-2026-58546 | Windows Remote Desktop Client information disclosure vulnerability | Important |
| Windows | CVE-2026-58547 | Windows Universal Plug and Play (UPnP) Device Host privilege escalation vulnerability | Important |
| Windows | CVE-2026-58594 | Remote Desktop Client remote code execution vulnerability | Important |
| Apps | CVE-2026-58595 | Microsoft Bing App for IOS spoofing vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-58596 | Microsoft Edge (Chromium-based) Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-58601 | Virtual Hard Disk (VHD) Miniport Driver Elevation of Privilege Vulernability | Important |
| Windows | CVE-2026-58602 | Windows Kernel-Mode Driver privilege escalation vulnerability | Important |
| Windows | CVE-2026-58609 | Windows Graphics Component Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-58610 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-58613 | Windows Cloud Files Mini Filter Driver privilege escalation vulnerability | Important |
| Windows | CVE-2026-58614 | Windows Kernel security feature bypass vulnerability | Important |
| Apps | CVE-2026-58617 | M365 Copilot for iOS privilege escalation vulnerability | Important |
| Microsoft Office | CVE-2026-58618 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-58619 | Windows Sensor Data Service privilege escalation vulnerability | Important |
| Windows | CVE-2026-58626 | Windows Remote Desktop Services remote code execution vulnerability | Important |
| Windows | CVE-2026-58627 | Windows DHCP Server Denial of Service Vulnerability | Important |
| Windows | CVE-2026-58628 | Windows Wireless Network Manager privilege escalation vulnerability | Important |
| Windows | CVE-2026-58629 | DirectX Graphics Kernel privilege escalation vulnerability | Important |
| Windows | CVE-2026-58631 | Windows Admin Center (WAC) Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-58632 | Windows Win32 Kernel Subsystem Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-58633 | Desktop Window Manager Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-58634 | Desktop Window Manager Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-58635 | Windows Narrator Braille privilege escalation vulnerability | Important |
| Apps | CVE-2026-58636 | Microsoft PC Manager privilege escalation vulnerability | Important |
| Windows | CVE-2026-58637 | Windows Client-Side Caching Privilege Escalation Vulnerability | Important |
| Windows | CVE-2026-58638 | Windows Boot Loader security feature bypass vulnerability | Important |
| Windows | CVE-2026-58640 | Windows NTFS Remote Code Execution Vulnerability | Important |
| Power BI Report Server | CVE-2026-58647 | Microsoft PowerBI Report Server Spoofing Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-45488 | Microsoft Edge (Chromium-based) spoofing vulnerability | Moderate |
| Microsoft Edge (Chromium-based) | CVE-2026-45489 | Microsoft Edge (Chromium-based) spoofing vulnerability | Moderate |
| Other | CVE-2026-55145 | Outlook Copilot tampering vulnerability | Moderate |
| Microsoft Edge (Chromium-based) | CVE-2026-55945 | Microsoft Edge (Chromium-based) information disclosure vulnerability | Moderate |
| Microsoft Office | CVE-2026-56164 | Microsoft SharePoint Server privilege escalation vulnerability | Moderate |
| Windows | CVE-2026-56181 | Windows Network Address Translation (NAT) spoofing vulnerability | Moderate |
| Microsoft Edge (Chromium-based) | CVE-2026-58597 | Microsoft Edge (Chromium-based) spoofing vulnerability | Low |
About NSFOCUS
NSFOCUS, a pioneering leader in cybersecurity, is dedicated to safeguarding telecommunications, Internet service providers, hosting providers, and enterprises from sophisticated cyberattacks.
Founded in 2000, NSFOCUS operates globally with over 3000 employees at two headquarters in Beijing, China, and Santa Clara, CA, USA, and over 50 offices worldwide. It has a proven track record of protecting over 25% of the Fortune Global 500 companies, including four of the five largest banks and six of the world’s top ten telecommunications companies.
Leveraging technical prowess and innovation, NSFOCUS delivers a comprehensive suite of security solutions, including the Intelligent Security Operations Platform (ISOP) for modern SOC, DDoS Protection, Continuous Threat Exposure Management (CTEM) Service and Web Application and API Protection (WAAP). All the solutions and services are augmented by the Security Large Language Model (SecLLM), ML, patented algorithms and other cutting-edge research achievements developed by NSFOCUS.