Blog

The July 2026 Security Update Review

July 14, 2026
Dustin Childs

Well folks. Here we are. The bug apocalypse has fully descended upon us. I’ll do my best to sort this out in some way meaningful, but this month’s release shows us the nay-sayers were right, and I’ve got to hand it to the nay-sayers here. Excellent call. Take an extended break from your regularly scheduled activities as we let’s take a look at the latest security patches from Adobe and Microsoft. If you’d rather watch the full video recap covering the entire release, you can check out the Patch Report webcast on our YouTube channel. It should be posted within a couple of hours after the release.

Adobe Patches for July 2026

Adobe has now moved to a bimonthly release schedule, which means they will be releasing patches on the second and fourth Tuesdays of the month. I’ll continue to cover the second Tuesday release here and update this blog should the fourth Tuesday release contain anything significant. I think this is a smart way to break up a monster release into something a bit more manageable. Apple has said they are taking a similar approach. We’ll see if other vendors follow their lead.

For the first part of the July release, Adobe released 12 bulletins addressing 88 unique CVEs in Adobe ColdFusion, Commerce, After Effects, Animate, Audition, Bridge, Creative Cloud Desktop Application, Experience Manager, Illustrator, Media Encoder, Premiere Pro, and the Content Credentials SDK.

Here’s this month’s overview table:

Bulletin ID Product CVE Count Highest Severity Highest CVSS Exploited Deployment Priority
APSB26-82 Adobe ColdFusion 13 Critical 9.9 No 1
APSB26-73 Adobe Commerce 13 Critical 9.6 No 2
APSB26-78 Adobe After Effects 3 Critical 7.8 No 3
APSB26-83 Adobe Animate 6 Critical 8.6 No 3
APSB26-71 Adobe Audition 6 Critical 7.8 No 3
APSB26-81 Adobe Bridge 6 Critical 7.8 No 3
APSB26-77 Adobe Creative Cloud Desktop Application 2 Critical 8.1 No 3
APSB26-74 Adobe Experience Manager 13 Critical 9.6 No 3
APSB26-79 Adobe Illustrator 5 Critical 9.3 No 3
APSB26-72 Adobe Media Encoder 5 Critical 7.8 No 3
APSB26-76 Adobe Premiere Pro 4 Critical 7.8 No 3
APSB26-80 Content Credentials SDK 12 Critical 8.2 No 3
TOTAL 12 bulletins 88

While nothing is under active exploit, I would prioritize the Cold Fusion and Commerce patches first. The patch for Cold Fusion even clocks in with a CVSS 9.9 bug. Beyond that, most of these updates are pretty straightforward. If you’re using these products, patch them. However, you can use you regular patch cadence here.

Microsoft Patches for July 2026

Here it is. The Mother of All Releases. To call this record-breaking is an understatement. How to count this mess is anyone’s guess, but I see new Microsoft 621 CVEs for the month of July. Some of these are in online services where no user action is required. They also list about 480 bugs in Chromium and Microsoft Edge (Chromium-based) that I won’t cover here. Here’s how I put this in context. I looked at the last 20 years of Microsoft releases. The CVE count year-to-date exceeds all other years’ totals.

The products covered this month are also astonishing. There are patches for Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, .NET and Visual Studio, Github Copilot, Defender, Exchange Server, Hyper-V, Ages of Empire II, and Minecraft Server (really!). That phrase “Windows components” does some pretty heavy lifting here, too, as just about everything you’ve ever heard of is getting patched. All told, there are 63 rated Critical, six rated Moderate, one rated Low, with the rest rated Important in severity. Eight of these bugs were submitted through the ZDI program (more on that later). Two CVEs are listed as under active exploit while one other is listed as publicly known.

So how do we eat this elephant? One byte at a time (pun intended). Let’s start by looking a closer look at some of the more interesting updates for this month, starting with the bugs being exploited in the wild.

-    CVE-2026-56155 - Active Directory Federation Services Elevation of Privilege Vulnerability
This is one of several AD FS being patched this month, but it’s the only one being actively exploited. It stems from insufficient access-control granularity and does require local access and low privileges to start, but AD FS is exactly the kind of identity infrastructure attackers love to pivot through once they're in. It can also be paired with an RCE as we often see in ransomware. Test and deploy this patch quickly.

-    CVE-2026-56164 - Microsoft SharePoint Server Elevation of Privilege Vulnerability
The other bug being exploited in the wild this month is a modest CVSS 5.3 – but it shows why Moderate severity bugs still matter. It's a missing-authentication flaw, meaning an unauthenticated attacker can hit it over the network with no user interaction required. When something this reachable is being actively abused, patch it now and worry about the score later.

-    CVE-2026-57092 - Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
This patch rates the highest CVSS score for the month: a solid 9.9. It’s a use-after-free that lets a low-privileged attacker escalate to full host compromise across a VM boundary. We saw something like this demonstrated at Pwn2Own Berlin on ESXi, but it clearly isn’t alone. If you’re using VMSwitch in your Hyper-V deployments (and you likely are), test and deploy this one quickly.

-    CVE-2026-50522/58644 - Microsoft SharePoint Remote Code Execution Vulnerability
This matching pair of CVSS 9.8 bugs results from the deserialization-of-untrusted-data and are reachable without authentication or user interaction. CVE-2026-50522 was demonstrated during Pwn2Own Berlin, so it’s odd to see Microsoft list it as “Exploit Maturity Unknown” since we literally handed them a working exploit. Just another reason to do your own risk assessment and not rely 100% on the vendor. If you have any Internet accessible SharePoint servers, test and deploy this patch quickly.

-    CVE-2026-56190 - Remote Desktop Protocol Remote Code Execution Vulnerability
This patch covers an unauthenticated, network-reachable, no user interaction required bug. The root cause is a classic one: use of uninitialized resource (CWE-908), meaning specially crafted RDP traffic can interact with memory that was never properly initialized, letting an attacker corrupt memory and potentially steer code execution. RDP Servers are a common target, so audit your systems to see which are internet accessible and start from there.

-    CVE-2026-55008 - Microsoft Exchange Server Spoofing Vulnerability
Ignore the title here and treat this like the XSS bug it is. The vulnerability is listed as a CVSS 9.6 since it’s a stored cross-site scripting flaw in Outlook Web Access, with a scope-changed impact that lets it break out of the web app context entirely. An attacker sends a specially crafted email, and if the victim simply opens it in OWA, arbitrary JavaScript executes in their browser session — no attachment needed, no macro warning, just viewing the message does it. If you’re using OWA, test and deploy this one quickly.

-    CVE-2026-50518 - Windows DHCP Server Remote Code Execution Vulnerability
There are a couple of these DHCP RCE patches in this release, but the other has caveats while this one does not. Both are heap-based buffer overflows scoring CVSS 9.8, both unauthenticated and network-reachable. If you're running DHCP Server role on anything Internet-adjacent (you're not, right?), these move to the top of the list.

-    CVE-2026-56188 - Windows Server Network driver Remote Code Execution Vulnerability
Another Critical-rated bug, this one is caused by a race condition. It’s always fun to see a TOCTOU bug rated this high, since race conditions are notoriously finicky to exploit reliably. While it may prove tricky to exploit, this bug could allow an attacker to execute privileged code over the network without user interaction. Don’t let the race condition lull you to sleep on a wormable bug.

-    CVE-2026-55010 - Minecraft Bedrock Dedicated Server Remote Code Execution Vulnerability
File this in the “why not” category. This bug is a heap-based buffer overflow in Minecraft Bedrock Dedicated Server, also CVSS 9.8 and also unauthenticated RCE. Yes, your kid’s Minecraft server (it is your kid’s server, right?) is exposed to the same class of bug as your DHCP infrastructure. Patch it anyway.

Here’s the full list of CVEs released by Microsoft for July 2026:

CVE Title Severity CVSS Public Exploited Type
CVE-2026-56155 Active Directory Federation Services Elevation of Privilege Vulnerability Important 7.8 No Yes EoP
CVE-2026-56164 Microsoft SharePoint Server Elevation of Privilege Vulnerability Moderate 5.3 No Yes EoP
CVE-2026-50661 Windows BitLocker Security Feature Bypass Vulnerability Important 6.1 Yes No SFB
CVE-2026-54121 Active Directory Certificate Services Elevation of Privilege Vulnerability Critical 8.8 No No EoP
CVE-2026-45499 ** Azure OpenAI Elevation of Privilege Vulnerability Critical 9.9 No No EoP
CVE-2026-48564 DHCP Server Service Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2026-50370 DHCP Server Service Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2026-56159 DHCP Server Service Remote Code Execution Vulnerability Critical 9.8 No No RCE
CVE-2026-50382 DirectX Graphics Kernel Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2026-41106 ** Microsoft 365 Copilot Elevation of Privilege Vulnerability Critical 9.3 No No EoP
CVE-2026-26145 ** Microsoft Azure Synapse Elevation of Privilege Vulnerability Critical 4.8 No No EoP
CVE-2026-48561 Microsoft Copilot Remote Code Execution Vulnerability Critical 9.6 No No RCE
CVE-2026-55011 Microsoft Defender Remote Code Execution Vulnerability Critical 7.8 No No RCE
CVE-2026-55012 Microsoft Defender Remote Code Execution Vulnerability Critical 7.8 No No RCE
CVE-2026-55944 Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability Critical 9.8 No No RCE
CVE-2026-57100 ** Microsoft Entra Provisioning Service Elevation of Privilege Vulnerability Critical 9.9 No No EoP
CVE-2026-55041 Microsoft Excel Remote Code Execution Vulnerability Critical 7.8 No No RCE
CVE-2026-54998 ** Microsoft Exchange Online Elevation of Privilege Vulnerability Critical 8.8 No No EoP
CVE-2026-55008 Microsoft Exchange Server Spoofing Vulnerability Critical 9.6 No No Spoofing
CVE-2026-54992 Microsoft Message Queuing Queue Manager Remote Code Execution Vulnerability Critical 8.4 No No RCE
CVE-2026-50314 Microsoft Office Remote Code Execution Vulnerability Critical 7.8 No No RCE
CVE-2026-50467 Microsoft Office Remote Code Execution Vulnerability Critical 7.8 No No RCE
CVE-2026-55018 Microsoft Office Remote Code Execution Vulnerability Critical 7.8 No No RCE
CVE-2026-55022 Microsoft Office Remote Code Execution Vulnerability Critical 7.8 No No RCE
CVE-2026-55045 Microsoft Office Remote Code Execution Vulnerability Critical 8.4 No No RCE
CVE-2026-55049 Microsoft Office Remote Code Execution Vulnerability Critical 7.8 No No RCE
CVE-2026-55129 Microsoft Office Remote Code Execution Vulnerability Critical 7.8 No No RCE
CVE-2026-55056 Microsoft Office Remote Code Execution Vulnerability Critical 7.8 No No RCE
CVE-2026-55140 Microsoft Office Remote Code Execution Vulnerability Critical 7.8 No No RCE
CVE-2026-55043 Microsoft PowerPoint Remote Code Execution Vulnerability Critical 7.8 No No RCE
CVE-2026-55123 Microsoft PowerPoint Remote Code Execution Vulnerability Critical 7.8 No No RCE
CVE-2026-55120 Microsoft PowerPoint Remote Code Execution Vulnerability Critical 7.8 No No RCE
CVE-2026-50522 Microsoft SharePoint Remote Code Execution Vulnerability Critical 9.8 No No RCE
CVE-2026-58644 Microsoft SharePoint Remote Code Execution Vulnerability Critical 9.8 No No RCE
CVE-2026-55040 Microsoft SharePoint Server Security Feature Bypass Vulnerability Critical 9.1 No No SFB
CVE-2026-54117 Microsoft SQL Server Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2026-54118 Microsoft SQL Server Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2026-50655 Microsoft Windows Media Foundation Remote Code Execution Vulnerability Critical 7.8 No No RCE
CVE-2026-56189 Microsoft Windows Media Foundation Remote Code Execution Vulnerability Critical 7.8 No No RCE
CVE-2026-57090 Microsoft Windows Media Foundation Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2026-57094 Microsoft Windows Media Foundation Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2026-57087 Microsoft Windows Media Foundation Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2026-57092 Microsoft Windows VMSwitch Elevation of Privilege Vulnerability Critical 9.9 No No EoP
CVE-2026-55033 Microsoft Word Remote Code Execution Vulnerability Critical 7.8 No No RCE
CVE-2026-55127 Microsoft Word Remote Code Execution Vulnerability Critical 7.8 No No RCE
CVE-2026-55132 Microsoft Word Remote Code Execution Vulnerability Critical 7.8 No No RCE
CVE-2026-55010 Minecraft Bedrock Dedicated Server Remote Code Execution Vulnerability Critical 9.8 No No RCE
CVE-2026-50474 Remote Desktop Client Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2026-49164 Windows Active Directory Domain Services Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2026-54128 Windows DHCP Client Remote Code Execution Vulnerability Critical 8.4 No No RCE
CVE-2026-50518 Windows DHCP Server Remote Code Execution Vulnerability Critical 9.8 No No RCE
CVE-2026-49796 Windows GDI+ Remote Code Execution Vulnerability Critical 7.8 No No RCE
CVE-2026-50380 Windows GDI+ Remote Code Execution Vulnerability Critical 9.6 No No RCE
CVE-2026-54127 Windows Hyper-V Elevation of Privilege Vulnerability Critical 7.4 No No EoP
CVE-2026-50680 Windows Hyper-V Elevation of Privilege Vulnerability Critical 8.2 No No EoP
CVE-2026-50327 Windows Media Remote Code Execution Vulnerability Critical 7.8 No No RCE
CVE-2026-58542 Windows Media Remote Code Execution Vulnerability Critical 7.8 No No RCE
CVE-2026-58608 Windows Print Spooler Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2026-54982 Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2026-54995 Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2026-42982 Windows Secure Kernel Mode Elevation of Privilege Vulnerability Critical 7.8 No No EoP
CVE-2026-50392 Windows Secure Kernel Mode Elevation of Privilege Vulnerability Critical 7 No No EoP
CVE-2026-50694 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2026-56188 Windows Server Network driver Remote Code Execution Vulnerability Critical 9.8 No No RCE
CVE-2026-50444 Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability Critical 8.8 No No EoP
CVE-2026-54999 Windows TCP/IP Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2026-47302 .NET Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2026-50525 .NET Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2026-50651 .NET Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2026-57108 .NET Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2026-50524 .NET Framework Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2026-50527 .NET Framework Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2026-50648 .NET Framework Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2026-50650 .NET Framework Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50646 .NET Framework Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-50649 .NET Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-47304 .NET Security Feature Bypass Vulnerability Important 8.1 No No SFB
CVE-2026-50528 .NET Security Feature Bypass Vulnerability Important 8.2 No No SFB
CVE-2026-50659 .NET Spoofing Vulnerability Important 6.5 No No Spoofing
CVE-2026-50526 .NET Tampering Vulnerability Important 7 No No Tampering
CVE-2026-50682 Active Directory Denial of Service Vulnerability Important 7.1 No No DoS
CVE-2026-55001 Active Directory Domain Services Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50647 Active Directory Federation Server Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2026-50684 Active Directory Federation Server Spoofing Vulnerability Important 4.8 No No Spoofing
CVE-2026-56170 ASP.NET Core Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2026-47300 ASP.NET Core Elevation of Privilege Vulnerability Important 8.8 No No EoP
CVE-2026-47303 ASP.NET Core Elevation of Privilege Vulnerability Important 8.8 No No EoP
CVE-2026-50652 Azure Active Directory Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2026-50653 Azure Active Directory Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2026-57969 Azure CycleCloud Elevation of Privilege Vulnerability Important 8.8 No No EoP
CVE-2026-58279 Azure CycleCloud Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2026-47632 Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability Important 8.8 No No EoP
CVE-2026-50338 Azure Spring Apps Elevation of Privilege Vulnerability Important 8.2 No No EoP
CVE-2026-50488 Clipboard User Service Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50491 Code Integrity DLL (ci.dll) Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50381 Composite Image File System driver (cimfs.sys) Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-50427 Content Delivery Manager Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50692 Desktop Window Manager Elevation of Privilege Vulnerability Important 8.8 No No EoP
CVE-2026-58633 Desktop Window Manager Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-58634 Desktop Window Manager Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50296 DirectX Graphics Kernel Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50375 DirectX Graphics Kernel Elevation of Privilege Vulnerability Important 6.3 No No EoP
CVE-2026-50353 DirectX Graphics Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50493 DirectX Graphics Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-56643 DirectX Graphics Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-56644 DirectX Graphics Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-58629 DirectX Graphics Kernel Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-49174 DNS Client Tampering Vulnerability Important 6.1 No No Tampering
CVE-2026-50495 DNS Client Tampering Vulnerability Important 6.1 No No Tampering
CVE-2026-57088 Extensible Storage Engine (ESENT) Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50663 Game: Age of Empires II: Definitive Edition Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2026-47282 GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2026-41109 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability Important 8.8 No No SFB
CVE-2026-50510 GitHub Copilot Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-49787 HTTP.sys Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2026-50420 HTTP.sys Information Disclosure Vulnerability Important 6.2 No No Info
CVE-2026-49788 HTTP/2 Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2026-50696 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2026-58617 M365 Copilot for iOS Elevation of Privilege Vulnerability Important 8.1 No No EoP
CVE-2026-58595 Microsoft Bing App for IOS Spoofing Vulnerability Important 8.1 No No Spoofing
CVE-2026-49162 Microsoft Brokering File System Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50305 Microsoft Brokering File System Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50361 Microsoft Brokering File System Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50466 Microsoft Brokering File System Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50458 Microsoft Brokering File System Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50658 Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-56178 Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability Important 5.5 No No EoP
CVE-2026-50657 Microsoft Defender for Endpoint for Mac Information Disclosure Vulnerability Important 4.7 No No Info
CVE-2026-50329 Microsoft DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-58541 Microsoft DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-58596 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important 8.3 No No EoP
CVE-2026-57991 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Important 7.4 No No Info
CVE-2026-58291 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Important 6.1 No No Info
CVE-2026-57981 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2026-57984 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 7.5 No No RCE
CVE-2026-57985 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 7.6 No No RCE
CVE-2026-57986 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 7.5 No No RCE
CVE-2026-57988 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 7.1 No No RCE
CVE-2026-57992 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 7.5 No No RCE
CVE-2026-58276 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 7.5 No No RCE
CVE-2026-56645 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2026-57974 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2026-57975 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 7.5 No No RCE
CVE-2026-58281 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 8.3 No No RCE
CVE-2026-58284 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 8.3 No No RCE
CVE-2026-58285 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 8.3 No No RCE
CVE-2026-58287 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 8.3 No No RCE
CVE-2026-58288 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 8.3 No No RCE
CVE-2026-58289 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 9 No No RCE
CVE-2026-58290 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 7.5 No No RCE
CVE-2026-58292 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 7.5 No No RCE
CVE-2026-58293 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 8.1 No No RCE
CVE-2026-58294 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 7.5 No No RCE
CVE-2026-57983 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Important 8.7 No No SFB
CVE-2026-58295 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Important 8.3 No No SFB
CVE-2026-58525 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Important 8.2 No No SFB
CVE-2026-57987 Microsoft Edge (Chromium-based) Spoofing Vulnerability Important 6.5 No No Spoofing
CVE-2026-58278 Microsoft Edge (Chromium-based) Spoofing Vulnerability Important 5.4 No No Spoofing
CVE-2026-56646 Microsoft Edge (Chromium-based) Spoofing Vulnerability Important 6.5 No No Spoofing
CVE-2026-57977 Microsoft Edge (Chromium-based) Spoofing Vulnerability Important 7.1 No No Spoofing
CVE-2026-57993 Microsoft Edge (Chromium-based) Spoofing Vulnerability Important 7.4 No No Spoofing
CVE-2026-58282 Microsoft Edge (Chromium-based) Spoofing Vulnerability Important 8.1 No No Spoofing
CVE-2026-58283 Microsoft Edge (Chromium-based) Spoofing Vulnerability Important 8.1 No No Spoofing
CVE-2026-58286 Microsoft Edge (Chromium-based) Spoofing Vulnerability Important 8.1 No No Spoofing
CVE-2026-58298 Microsoft Edge (Chromium-based) Spoofing Vulnerability Important 7.2 No No Spoofing
CVE-2026-58524 Microsoft Edge (Chromium-based) Spoofing Vulnerability Important 5.4 No No Spoofing
CVE-2026-58296 Microsoft Edge for Android Information Disclosure Vulnerability Important 7.1 No No Info
CVE-2026-58297 Microsoft Edge for Android Information Disclosure Vulnerability Important 7.1 No No Info
CVE-2026-58300 Microsoft Edge for Android Information Disclosure Vulnerability Important 6.2 No No Info
CVE-2026-58522 Microsoft Edge for Android Information Disclosure Vulnerability Important 6.8 No No Info
CVE-2026-58299 Microsoft Edge for Android Remote Code Execution Vulnerability Important 7.5 No No RCE
CVE-2026-58523 Microsoft Edge for Android Security Feature Bypass Vulnerability Important 6.5 No No SFB
CVE-2026-50678 Microsoft Excel Information Disclosure Vulnerability Important 6.6 No No Info
CVE-2026-54988 Microsoft Excel Information Disclosure Vulnerability Important 6.1 No No Info
CVE-2026-48580 Microsoft Excel Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-50408 Microsoft Excel Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-55046 Microsoft Excel Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-55138 Microsoft Excel Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-55054 Microsoft Excel Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2026-55122 Microsoft Excel Information Disclosure Vulnerability Important 7.1 No No Info
CVE-2026-55898 Microsoft Excel Information Disclosure Vulnerability Important 6.1 No No Info
CVE-2026-50675 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-55899 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-55948 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-58618 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-47642 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-55024 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-55025 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-55031 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-55048 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-55029 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-55039 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-55136 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-55141 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-55036 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-55044 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-55037 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-55058 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-55137 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-55053 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-55131 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-54131 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-55947 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-55949 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-56156 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-55006 Microsoft Exchange Server Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-55009 Microsoft Exchange Server Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-55005 Microsoft Exchange Server Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2026-56642 Microsoft Fabric Data Warehouse Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2026-50343 Microsoft Install Service Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50439 Microsoft Message Queuing Queue Manager Remote Code Execution Vulnerability Important 8.1 No No RCE
CVE-2026-58537 Microsoft NAT Helper Components (ipnathlp.dll) Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-56193 Microsoft Office Information Disclosure Vulnerability Important 7.1 No No Info
CVE-2026-55023 Microsoft Office Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-55026 Microsoft Office Information Disclosure Vulnerability Important 6.2 No No Info
CVE-2026-55027 Microsoft Office Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-55028 Microsoft Office Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-55047 Microsoft Office Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-55035 Microsoft Office Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-55057 Microsoft Office Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-55121 Microsoft Office Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-55042 Microsoft Office Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-55139 Microsoft Office Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-50665 Microsoft Office Information Disclosure Vulnerability Important 7.8 No No Info
CVE-2026-56192 Microsoft Office Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-56195 Microsoft Office Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-47290 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-50301 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-55017 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-55125 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-55133 Microsoft OneNote Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-58636 Microsoft PC Manager Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50438 Microsoft PC Manager Elevation of Privilege Vulnerability Important 8.8 No No EoP
CVE-2026-58647 Microsoft PowerBI Report Server Spoofing Vulnerability Important 8 No No Spoofing
CVE-2026-55052 Microsoft SharePoint Elevation of Privilege Vulnerability Important 8.8 No No EoP
CVE-2026-58277 Microsoft SharePoint Elevation of Privilege Vulnerability Important 8.8 No No EoP
CVE-2026-55051 Microsoft SharePoint Server Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2026-54108 Microsoft SharePoint Server Spoofing Vulnerability Important 6.5 No No Spoofing
CVE-2026-55016 Microsoft SharePoint Server Spoofing Vulnerability Important 4.6 No No Spoofing
CVE-2026-55019 Microsoft SharePoint Server Spoofing Vulnerability Important 4.6 No No Spoofing
CVE-2026-55020 Microsoft SharePoint Server Spoofing Vulnerability Important 4.6 No No Spoofing
CVE-2026-55021 Microsoft SharePoint Server Spoofing Vulnerability Important 7.3 No No Spoofing
CVE-2026-55030 Microsoft SharePoint Server Spoofing Vulnerability Important 4.6 No No Spoofing
CVE-2026-55034 Microsoft SharePoint Server Spoofing Vulnerability Important 7.3 No No Spoofing
CVE-2026-55126 Microsoft SharePoint Server Spoofing Vulnerability Important 7.3 No No Spoofing
CVE-2026-55135 Microsoft SharePoint Server Spoofing Vulnerability Important 4.6 No No Spoofing
CVE-2026-56157 Microsoft SharePoint Server Spoofing Vulnerability Important 5.4 No No Spoofing
CVE-2026-47296 Microsoft SQL Server Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-55002 Microsoft SQL Server Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-47295 Microsoft SQL Server Elevation of Privilege Vulnerability Important 8.8 No No EoP
CVE-2026-50468 Microsoft SQL Server Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2026-54116 Microsoft SQL Server Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2026-42900 Microsoft Windows App Store Elevation of Privilege Vulnerability Important 8.1 No No EoP
CVE-2026-49784 Microsoft Windows App Store Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50356 Microsoft Windows App Store Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-49165 Microsoft Windows App Store Information Disclosure Vulnerability Important 7.1 No No Info
CVE-2026-54993 Microsoft Windows Media Foundation Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-58610 Microsoft Windows Media Foundation Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-55050 Microsoft Word Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-55124 Microsoft Word Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-55142 Microsoft Word Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-55032 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-55055 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-55038 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-55134 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-55128 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-55130 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-50359 Microsoft XML Core Services Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-57097 Microsoft XML Security Feature Bypass Vulnerability Important 6.4 No No SFB
CVE-2026-50346 Netlogon RPC Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50402 NTFS Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50506 OData for ASP.NET and ASP.NET Core Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2026-45646 OData for ASP.NET and ASP.NET Core Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2026-54989 Quality Windows Audio/Video Experience (QWAVE) Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50365 Remote Access Management service/API (RPC server) Elevation of Privilege Vulnerability Important 8 No No EoP
CVE-2026-54990 Remote Desktop Client Remote Code Execution Vulnerability Important 9.8 No No RCE
CVE-2026-58594 Remote Desktop Client Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2026-56190 Remote Desktop Protocol Remote Code Execution Vulnerability Important 9.8 No No RCE
CVE-2026-49783 Secure Boot Security Feature Bypass Vulnerability Important 7.8 No No SFB
CVE-2026-42990 SQL Server ODBC driver Elevation of Privilege Vulnerability Important 9.8 No No EoP
CVE-2026-49168 Storage Spaces Direct Elevation of Privilege Vulnerability Important 6.2 No No EoP
CVE-2026-48581 Surface Broker SDMA Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-49180 Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-50455 Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-54111 Universal Print Management Service Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-58543 Universal Print Management Service Elevation of Privilege Vulnerability Important 6.3 No No EoP
CVE-2026-58601 Virtual Hard Disk (VHD) Miniport Driver Elevation of Privilege Vulernability Important 7.8 No No EoP
CVE-2026-50520 Visual Studio Code Remote Code Execution Vulnerability Important 8.4 No No RCE
CVE-2026-45496 Visual Studio Code Security Feature Bypass Vulnerability Important 5.5 No No SFB
CVE-2026-57101 Visual Studio Code Security Feature Bypass Vulnerability Important 7.1 No No SFB
CVE-2026-57102 Visual Studio Code Security Feature Bypass Vulnerability Important 8.8 No No SFB
CVE-2026-47305 Visual Studio Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-49805 Win32k Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50297 Win32k Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50325 Win32k Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50489 Win32k Elevation of Privilege Vulnerability Important 8.8 No No EoP
CVE-2026-57095 Win32k Elevation of Privilege Vulnerability Important 6.2 No No EoP
CVE-2026-50416 Win32k Information Disclosure Vulnerability Important 3.3 No No Info
CVE-2026-56184 Win32k Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-50432 Window Virtual Filtering Platform (VFP) Denial of Service Vulnerability Important 5.3 No No DoS
CVE-2026-54119 Windows Active Directory Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2026-57976 Windows Active Directory Domain Services Denial of Service Vulnerability Important 6.5 No No DoS
CVE-2026-50366 Windows Active Directory Domain Services Denial of Service Vulnerability Important 6.5 No No DoS
CVE-2026-49178 Windows Active Directory Domain Services Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2026-58529 Windows Active Directory Federation Services (ADFS) Information Disclosure Vulnerability Important 7.1 No No Info
CVE-2026-54983 Windows Active Directory Federation Services Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2026-50695 Windows Active Directory Federation Services Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2026-50304 Windows Active Directory Federation Services Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2026-50368 Windows Active Directory Federation Services Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2026-50324 Windows Active Directory Federation Services Denial of Service Vulnerability Important 5.9 No No DoS
CVE-2026-50355 Windows Active Directory Federation Services Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2026-50411 Windows Active Directory Federation Services Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2026-58631 Windows Admin Center (WAC) Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-56196 Windows Admin Center (WAC) Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2026-56197 Windows Admin Center (WAC) Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2026-56169 Windows Admin Center Elevation of Privilege Vulnerability Important 8.1 No No EoP
CVE-2026-57107 Windows Admin Center Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-56185 Windows Admin Center Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2026-50312 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 4.7 No No EoP
CVE-2026-50462 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-57093 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-34346 Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-48572 Windows App Package Installer Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-48571 Windows App Package Installer Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50400 Windows App Package Installer Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50331 Windows Application Model Core API Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-49803 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50351 Windows Audio Compression Manager (ACM) Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50440 Windows Audio Service Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-34328 Windows Audio Service Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-50406 Windows Backup Engine Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50364 Windows Backup Service Elevation of Privilege Vulnerability Important 7.3 No No EoP
CVE-2026-42975 Windows Bluetooth Port Driver Remote Code Execution Important 8 No No RCE
CVE-2026-58538 Windows Bluetooth Service Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-58638 Windows Boot Loader Security Feature Bypass Vulnerability Important 6 No No SFB
CVE-2026-58637 Windows Client-Side Caching Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50384 Windows Clip Service Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-49183 Windows Clipboard Server Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50689 Windows Clipboard Server Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50374 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important 6.3 No No EoP
CVE-2026-58536 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-58613 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50401 Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-50697 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50667 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50421 Windows Connected User Experiences and Telemetry Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50428 Windows Container Isolation FS Filter Driver (unionfs.sys) Information Disclosure Vulnerability Important 7.1 No No Info
CVE-2026-50352 Windows Cryptographic Services Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-50302 Windows Cryptographic Services Security Feature Bypass Vulnerability Important 4.2 No No SFB
CVE-2026-55144 Windows Cryptography API: Next Generation (CNG) Tampering Vulnerability Important 7.1 No No Tampering
CVE-2026-50347 Windows Data.dll Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-49181 Windows DHCP Client Elevation of Privilege Vulnerability Important 7.5 No No EoP
CVE-2026-50683 Windows DHCP Client Elevation of Privilege Vulnerability Important 8 No No EoP
CVE-2026-58627 Windows DHCP Server Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2026-50685 Windows DHCP Server Remote Code Execution Vulnerability Important 7.5 No No RCE
CVE-2026-49807 Windows DirectX Information Disclosure Vulnerability Important 6.2 No No Info
CVE-2026-49175 Windows DNS Client Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50487 Windows DNS Client Elevation of Privilege Vulnerability Important 8.1 No No EoP
CVE-2026-50465 Windows DNS Client Tampering Vulnerability Important 7.1 No No Tampering
CVE-2026-49169 Windows DNS Server Remote Code Execution Vulnerability Important 8 No No RCE
CVE-2026-50426 Windows DNS Server Remote Code Execution Vulnerability Important 6.8 No No RCE
CVE-2026-50424 Windows Domain Controller Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2026-50300 Windows DWM Core Library Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-50437 Windows DWM Core Library Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-34348 Windows Event Logging Service Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2026-50502 Windows Event Logging Service Remote Code Execution Vulnerability Important 8 No No RCE
CVE-2026-33842 Windows File Explorer Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-40422 Windows File Explorer Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-41087 Windows File Explorer Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-50473 Windows File Explorer Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-50442 Windows File Explorer Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-50389 Windows File Explorer Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-50456 Windows File Explorer Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-57084 Windows File Explorer Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-57091 Windows File History Service Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50405 Windows Filtering Platform Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-49172 Windows FTP Service Remote Code Execution Vulnerability Important 9.8 No No RCE
CVE-2026-50387 Windows GDI Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-54122 Windows GDI+ Remote Code Execution Vulnerability Important 8.4 No No RCE
CVE-2026-50483 Windows Graphics Component Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-58609 Windows Graphics Component Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-50391 Windows Group Policy Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50310 Windows Human Interface Device Information Disclosure Vulnerability Important 4.7 No No Info
CVE-2026-50485 Windows Hyper-V Denial of Service Vulnerability Important 4.5 No No DoS
CVE-2026-54129 Windows Hyper-V Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50315 Windows Image Acquisition Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-58534 Windows Input Method Editor (IME) Elevation of Privilege Vulnerability Important 8.8 No No EoP
CVE-2026-50490 Windows Installer Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-58540 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50425 Windows Internal System User Profile Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50293 Windows Internal Task Bar Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-49167 Windows Kernel Elevation of Privilege Vulnerability Important 4.7 No No EoP
CVE-2026-49173 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-54132 Windows Kernel Elevation of Privilege Vulnerability Important 6.8 No No EoP
CVE-2026-49795 Windows Kernel Elevation of Privilege Vulnerability Important 8.8 No No EoP
CVE-2026-49798 Windows Kernel Elevation of Privilege Vulnerability Important 9.3 No No EoP
CVE-2026-49808 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50354 Windows Kernel Elevation of Privilege Vulnerability Important 7.1 No No EoP
CVE-2026-50332 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50377 Windows Kernel Elevation of Privilege Vulnerability Important 5.5 No No EoP
CVE-2026-50390 Windows Kernel Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50423 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50397 Windows Kernel Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50436 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50399 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50459 Windows Kernel Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50477 Windows Kernel Elevation of Privilege Vulnerability Important 8.8 No No EoP
CVE-2026-50478 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50484 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50673 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-58532 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50294 Windows Kernel Information Disclosure Vulnerability Important 6.2 No No Info
CVE-2026-50316 Windows Kernel Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-50419 Windows Kernel Information Disclosure Vulnerability Important 3.3 No No Info
CVE-2026-50463 Windows Kernel Information Disclosure Vulnerability Important 7.5 No No Info
CVE-2026-50475 Windows Kernel Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-50429 Windows Kernel Information Disclosure Vulnerability Important 8.2 No No Info
CVE-2026-58614 Windows Kernel Security Feature Bypass Vulnerability Important 5.5 No No SFB
CVE-2026-58545 Windows Kernel Security Feature Bypass Vulnerability Important 5.5 No No SFB
CVE-2026-58602 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50393 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50396 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50378 Windows Key Guard Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50303 Windows Key Guard Security Feature Bypass Vulnerability Important 5.5 No No SFB
CVE-2026-40378 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2026-49799 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability Important 6.5 No No DoS
CVE-2026-50371 Windows LUA File Virtualization Filter Driver Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-58544 Windows Management Services Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50404 Windows Media Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50358 Windows Media Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50336 Windows Media Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50398 Windows Media Elevation of Privilege Vulnerability Important 8.8 No No EoP
CVE-2026-50414 Windows Media Elevation of Privilege Vulnerability Important 7.5 No No EoP
CVE-2026-50379 Windows Media Elevation of Privilege Vulnerability Important 7.5 No No EoP
CVE-2026-50433 Windows Media Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50676 Windows Media Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50677 Windows Media Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-34349 Windows Media Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-50394 Windows Media Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-50415 Windows Media Information Disclosure Vulnerability Important 5.3 No No Info
CVE-2026-57083 Windows Media Photo Codec Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-54115 Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50447 Windows Message Queuing Service (MSMQ) Remote Code Execution Vulnerability Important 9.8 No No RCE
CVE-2026-50505 Windows Message Queuing Service (MSMQ) Remote Code Execution Vulnerability Important 7.5 No No RCE
CVE-2026-50342 Windows MIDI Service Module Elevation of Privileges Vulnerability Important 8.8 No No EoP
CVE-2026-56183 Windows MIDI Service Module Elevation of Privileges Vulnerability Important 7 No No EoP
CVE-2026-56187 Windows MIDI Service Module Elevation of Privileges Vulnerability Important 7 No No EoP
CVE-2026-58635 Windows Narrator Braille Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50500 Windows Netlogon Elevation of Privilege Vulnerability Important 7.5 No No EoP
CVE-2026-50476 Windows Network Connections Service Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50450 Windows Network Connections Service Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-56650 Windows Network File System Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-56649 Windows Network File System Remote Code Execution Vulnerability Important 5.9 No No RCE
CVE-2026-50470 Windows Network Policy Server SNMP Information Disclosure Vulnerability Important 7.5 No No Info
CVE-2026-50496 Windows Network Policy Server SNMP Information Disclosure Vulnerability Important 7.5 No No Info
CVE-2026-56194 Windows NFS Server Elevation of Privilege Vulnerability Important 8.8 No No EoP
CVE-2026-56648 Windows NFS Server Elevation of Privilege Vulnerability Important 7.5 No No EoP
CVE-2026-50337 Windows Notification Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-49789 Windows NTFS Elevation of Privilege Vulnerability Important 7.3 No No EoP
CVE-2026-50412 Windows NTFS Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50422 Windows NTFS Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50672 Windows NTFS Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-56175 Windows NTFS Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-56182 Windows NTFS Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50341 Windows NTFS Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-58640 Windows NTFS Remote Code Execution Vulnerability Important 7.3 No No RCE
CVE-2026-49184 Windows NTFS Remote Code Execution Vulnerability Important 8.4 No No RCE
CVE-2026-49797 Windows NTFS Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-50308 Windows NTFS Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-50386 Windows NTFS Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-50309 Windows NTFS Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-50313 Windows NTFS Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-50388 Windows NTFS Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-50448 Windows NTFS Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-50471 Windows NTFS Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-50461 Windows NTFS Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-50417 Windows NTFS Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-50482 Windows NTFS Remote Code Execution Vulnerability Important 7.3 No No RCE
CVE-2026-50494 Windows NTFS Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-50344 Windows OLE Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50686 Windows OLE Remote Code Execution Vulnerability Important 8.1 No No RCE
CVE-2026-50335 Windows Operating Systems Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50317 Windows Operating Systems Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-54987 Windows Overlay Filter Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50435 Windows Overlay Filter Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50409 Windows Overlay Filter Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-40400 Windows PowerShell Remote Code Execution Vulnerability Important 8 No No RCE
CVE-2026-49166 Windows Print Configuration Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-55004 Windows Print Configuration Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50499 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50383 Windows Print Spooler Information Disclosure Vulnerability Important 6.1 No No Info
CVE-2026-57085 Windows Print Spooler Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-50469 Windows Projected File System Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50434 Windows Push Notification Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-50339 Windows Push Notification Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-50430 Windows Push Notification Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-50334 Windows Push Notification Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-44800 Windows Push Notifications Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50363 Windows Push Notifications Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50431 Windows Quality of Service (QoS) Packet Scheduler Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-50372 Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50666 Windows Remote Access Elevation of Privilege Vulnerability Important 8.8 No No EoP
CVE-2026-56647 Windows Remote Access Service Infrastructure Elevation of Privilege Vulnerability Important 8.8 No No EoP
CVE-2026-50330 Windows Remote Desktop Client Elevation of Privilege Vulnerability Important 7.5 No No EoP
CVE-2026-50376 Windows Remote Desktop Client Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2026-50504 Windows Remote Desktop Client Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2026-58533 Windows Remote Desktop Client Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2026-58535 Windows Remote Desktop Client Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2026-58546 Windows Remote Desktop Client Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2026-58539 Windows Remote Desktop Client Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2026-55003 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2026-57979 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2026-50445 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2026-50497 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2026-54126 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2026-57982 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2026-50369 Windows Remote Desktop Services Elevation of Privilege Vulnerability Important 8.8 No No EoP
CVE-2026-58626 Windows Remote Desktop Services Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2026-55014 Windows Remote Help Defense Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50318 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50407 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50357 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50441 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50668 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability Important 6.8 No No EoP
CVE-2026-54109 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-49792 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-49793 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-50362 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-50492 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.8 No No RCE
CVE-2026-50501 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-58530 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-49791 Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability Important 7.1 No No EoP
CVE-2026-50451 Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability Important 7.1 No No EoP
CVE-2026-57096 Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50323 Windows Runtime Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50452 Windows Runtime Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50348 Windows Runtime Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50345 Windows Runtime Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50322 Windows Runtime Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50340 Windows Runtime Elevation of Privilege Vulnerability Important 8.5 No No EoP
CVE-2026-50410 Windows Runtime Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50449 Windows Runtime Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50460 Windows Runtime Elevation of Privilege Vulnerability Important 8.1 No No EoP
CVE-2026-50403 Windows Runtime Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50385 Windows Runtime Elevation of Privilege Vulnerability Important 8.8 No No EoP
CVE-2026-50413 Windows Runtime Elevation of Privilege Vulnerability Important 8.8 No No EoP
CVE-2026-50457 Windows Runtime Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50486 Windows Runtime Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50503 Windows Runtime Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-54125 Windows Runtime Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-58527 Windows Runtime Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50373 Windows Search Service Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50679 Windows Search Service Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-44806 Windows Secure Channel Denial of Service Vulnerability Important 5.3 No No DoS
CVE-2026-50681 Windows Secure Channel Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-56186 Windows Secure Channel Information Disclosure Vulnerability Important 8.1 No No Info
CVE-2026-50367 Windows Sensor Data Service Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-58619 Windows Sensor Data Service Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50311 Windows Server Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50328 Windows Server Update Service (WSUS) Tampering Vulnerability Important 7.5 No No Tampering
CVE-2026-58531 Windows SMB Elevation of Privilege Vulnerability Important 7.5 No No EoP
CVE-2026-54997 Windows SMB Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-49801 Windows SMB Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-50690 Windows SMB Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-56168 Windows SMB Server Denial of Service Vulnerability Important 6.5 No No DoS
CVE-2026-50360 Windows SMB Server Elevation of Privilege Vulnerability Important 8.8 No No EoP
CVE-2026-57089 Windows SMB Server Network Transport Driver (srvnet.sys) Remote Code Execution Vulnerability Important 7.5 No No RCE
CVE-2026-50333 Windows Spaceport.sys Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50298 Windows Spaceport.sys Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-49171 Windows Speech Runtime Elevation of Privilege Vulnerability Important 7.5 No No EoP
CVE-2026-49170 Windows StateRepository API Server file Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-58526 Windows Storage Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50299 Windows Storage Spaces Direct Remote Code Execution Vulnerability Important 6.8 No No RCE
CVE-2026-57968 Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-57973 Windows Subsystem for Linux (WSL2) Kernel Tampering Vulnerability Important 6.3 No No Tampering
CVE-2026-50418 Windows System Secure Feature Bypass Vulnerability Important 5.1 No No SFB
CVE-2026-50306 Windows TCP/IP Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50307 Windows TCP/IP Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-49177 Windows TCP/IP Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-50669 Windows Telephony Server Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-54124 Windows Terminal Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2026-50350 Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2026-50326 Windows Unified Consent System Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-49790 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability Important 7.3 No No EoP
CVE-2026-50498 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-58547 Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability Important 5.5 No No EoP
CVE-2026-49794 Windows USB Audio Class Driver Information Disclosure Vulnerability Important 4.6 No No Info
CVE-2026-50453 Windows USB Audio Class Driver Information Disclosure Vulnerability Important 6.1 No No Info
CVE-2026-58528 Windows USB Audio Class Driver Information Disclosure Vulnerability Important 6.8 No No Info
CVE-2026-50321 Windows USB Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50479 Windows USB Hub Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-55000 Windows USB Print Driver Elevation of Privilege Vulnerability Important 6.4 No No EoP
CVE-2026-54991 Windows USB Print Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-54996 Windows USB Print Driver Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-49802 Windows USB Print Driver Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-49806 Windows USB Print Driver Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-50674 Windows USB Print Driver Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-49804 Windows USB Video Driver Elevation of Privilege Vulnerability Important 6.6 No No EoP
CVE-2026-50454 Windows User Interface Core Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-49176 Windows WalletService Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-49800 Windows Web Proxy Auto-Discovery Protocol (WPAD) Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50480 Windows Web Proxy Auto-Discovery Protocol (WPAD) Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-56173 Windows WebView Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2026-58632 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-54107 Windows Win32k Elevation of Privilege Vulnerability Important 8.8 No No EoP
CVE-2026-54986 Windows Win32k Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-54112 Windows Win32k Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-54114 Windows Win32k Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50670 Windows Win32k Elevation of Privilege Vulnerability Important 8.8 No No EoP
CVE-2026-50688 Windows Win32k Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50687 Windows Win32k Elevation of Privilege Vulnerability Important 8.8 No No EoP
CVE-2026-56176 Windows Win32k Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-58628 Windows Wireless Network Manager Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-50295 Windows Zero Trust DNS Security Feature Bypass Vulnerability Important 5.5 No No SFB
CVE-2026-50509 Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2026-55945 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Moderate 4.2 No No Info
CVE-2026-45488 Microsoft Edge (Chromium-based) Spoofing Vulnerability Moderate 5.4 No No Spoofing
CVE-2026-45489 Microsoft Edge (Chromium-based) Spoofing Vulnerability Moderate 6.5 No No Spoofing
CVE-2026-55145 Outlook Copilot Tampering Vulnerability Moderate 6.3 No No Tampering
CVE-2026-56181 Windows Network Address Translation (NAT) Spoofing Vulnerability Moderate 8.3 No No Spoofing
CVE-2026-58597 Microsoft Edge (Chromium-based) Spoofing Vulnerability Low 4.3 No No Spoofing

** Indicates this CVEs has already been resolved by Microsoft, and no further action is needed by the end user.

 

 

I’ll do my best to summarize everything else in this release, but no promises. I’m only human after all.

 

Looking at the remaining Critical-rated patches, Office is its own weather system: fourteen Word/Excel/PowerPoint/Office RCEs clustered at CVSS 7.8, plus five Windows Media Foundation RCEs. Outside of the Preview Pane attack vector, they are individually unremarkable; collectively, patch Office and reboot. Always reboot. We’ve already mentioned DHCP some, but DHCP Server can't catch a break. Beyond the one already covered, add CVE-2026-56159, CVE-2026-48564, CVE-2026-50370, and DHCP Client cousin CVE-2026-54128. Five DHCP RCEs in one release. Rounding things out, Print Spooler (CVE-2026-58608), Windows TCP/IP (CVE-2026-54999), and a SQL Server RCE pair (CVE-2026-54117/54118) all receive patches, and all are rated a CVSS 8.8. VE-2026-55944 (Dynamics NAV/Business Central On-Prem RCE, 9.8) is the same deserialization flavor as the SharePoint pair; it’s unauthenticated, network-reachable, and easy to overlook since it's not SharePoint. CVE-2026-48561 (Microsoft Copilot RCE, 9.6) and CVE-2026-50380 (Windows GDI+ RCE, 9.6) round out the near-top tier. Don't forget CVE-2026-55040, a SharePoint Security Feature Bypass (9.1) — patch it in the same pass as the SharePoint RCE pair since it's the same product family. Identity and infrastructure get hit too: CVE-2026-54121 (AD Certificate Services EoP, 8.8) and CVE-2026-50444 (WSUS EoP, 8.8). The obscure Reliable Multicast Transport Driver (RMCAST) takes two RCEs (CVE-2026-54982, CVE-2026-54995), and CVE-2026-50474 gives Remote Desktop Client its own RCE, separate from the RDP one already covered. The rest is a long tail: Defender RCE x2, GDI+ again, Windows Media x2, Secure Kernel Mode EoP x2, and a second Hyper-V EoP. You can consider these “normal” as far as patch cadence goes.

That leaves us with 95 RCE to discuss. I would explain, but there is too much, so let me sum up. CVE-2026-55944 (Dynamics NAV/Business Central On-Prem, 9.8) is the same deserialization flavor as the SharePoint pair: unauthenticated, easy to miss since it's not SharePoint. CVE-2026-54990 (Remote Desktop Client), CVE-2026-49172 (Windows FTP Service), and CVE-2026-50447 (MSMQ) all hit 9.8 too, proof severity labels lag CVSS sometimes. CVE-2026-48561 (Copilot) and CVE-2026-50380 (GDI+) sit at 9.6.

The pattern worth watching: 14 Windows NTFS and 7 ReFS RCEs/ That makes 21 filesystem-driver bugs, an unusually large cluster suggesting a shared root cause. Microsoft Edge (Chromium-based) contributes 21 more that are genuinely Microsoft's to patch, not Chromium re-listing noise. Remote Desktop Client racks up a second and third RCE (CVE-2026-50474, CVE-2026-58594), and Windows Admin Center picks up two (CVE-2026-56196/56197) — WAC exposure keeps creeping into these releases. Exchange Server (CVE-2026-55005) and AD Domain Services (CVE-2026-49178) both land at 8.8.

And because this release wouldn't be complete without it: CVE-2026-50663, an RCE in Age of Empires II: Definitive Edition. Yes, really. Patch your civilization anyway.

There are close to 260 EoP bugs in this month’s release. Microsoft could have just published the EoPs and still had a record-setting month. As usual, most simply lead to local attackers executing their code at SYSTEM-level privileges or administrative privileges, so there’s not much to add without further technical details about the bugs themselves. What’s really frustrating is that 94 have no explicit privilege statement at all. Microsoft just says “elevate privileges” with no detail. By my count, that leaves around 25 bugs to consider. Some don’t elevate at all. The FAQ literally says the attacker just gets “the rights of the user running the affected application.” That covers Win32k, Clip Service, Search Service, MSMQ, and SharePoint. A few get a Low-to-Medium integrity bump. There are also a couple that lead to downgraded service accounts or arbitrary file deletion, but nothing else I’ve seen really stands out too much.

There are 20 Security Feature Bypass (SFB) bugs this month, and it's a genuinely mixed bag. CVE-2026-55040 leads at Critical, CVSS 9.1 as it’s weak authentication in SharePoint Server. Patch it in the same pass as the SharePoint RCE pair since it's the same product. The AI-coding-tool trend continues: GitHub Copilot and Visual Studio Code and Visual Studio all land SFB bugs, mostly injection or path-traversal flavored. BitLocker is this month's lone publicly disclosed bug. It’s not exploited yet, but public disclosure is a countdown clock, not a free pass. It requires physical access, as does the bug in Microsoft XML. The firmware/boot cluster is worth a second look: Secure Boot, Boot Loader, and Key Guard all touch the trust chain below the OS. Meaning, despite a low CVSS score, “if this fails, nothing above it can be trusted” stakes. Rounding out the SFB patches, there are two .NET SFBs, two Windows Kernel SFBs, and a DNS/Cryptographic Services bringing up the rear.

The July release includes 31Spoofing bugs this month, and we’ve already covered the most important (Exchange). SharePoint Server accounts for another ten with almost all the same root cause: stored XSS letting an authenticated attacker spoof content in the browser. Microsoft Edge (Chromium-based) contributes fifteen more spanning access-control failures, SSRF, type confusion, and UI misrepresentation. All genuinely Microsoft's to patch, not re-listed Chromium noise. The remaining six round out the usual suspects: a Windows NAT spoofing bug reachable from an adjacent network, a Bing app flaw on iOS, a PowerBI Report Server XSS issue, a .NET output-encoding bug, and an AD FS spoofing flaw. None publicly disclosed, none exploited, but with SharePoint's history this year, don't let "just Spoofing" lull you into deprioritizing the patch cycle.

Of 111 Information Disclosure bugs, the overwhelming majority of these simply result in info leaks consisting of unspecified memory contents or memory addresses. GitHub Copilot is the standout. Here, the bug insufficiently protected credentials, meaning actual secrets leak, not memory scraps. The Windows Admin Center flaw discloses data via improper authentication. A management console leaking to an unauthorized party is a bigger deal than it sounds. SharePoint uses SSRF to pull data server-side, and the Event Logging Service is a protection-mechanism failure, not a memory bug at all. Edge picks up three genuinely file-system-flavored disclosures — improper authorization, files/directories accessible to external parties, and link-following — plus Edge for Android exposing “private personal information” twice and two path-traversal bugs. The remaining 40+ are mostly one-line “exposure of sensitive information to an unauthorized actor” entries scattered across File Explorer, Push Notifications, Cryptographic Services, and Win32k.

Only 8 Tampering bugs this month, the smallest bucket, but a couple stand out. The top of the list is a WSUS bug, caused by an uncaught exception that lets an unauthenticated attacker tamper with the update service over the network. That’s your patch-management infrastructure itself being the target, which always deserves extra attention. Windows CNG (the crypto API) picks up a missing-cryptographic-step flaw, and Windows DNS Client shows up three separate times across the list, twice for improper access control and once for missing authentication on a critical function. DNS resolution having this many tampering paths in one release is worth flagging as a pattern rather than three unrelated bugs. The one genuinely different entry is Outlook Copilot, described simply as vulnerable to “malicious uses” enabling tampering over the network. That’s a fantastically vague phrasing for an AI-assistant feature, continuing this year's running theme of Copilot-branded features showing up somewhere in every release. Finally, a .NET link-following bug and a WSL2 kernel race condition receive patches. Both require local/authorized access to trigger.

Still with me? Good, because we have 35 DoS bugs to cover, and this is really an identity-infrastructure story more than a grab-bag. Active Directory Federation Services alone accounts for seven of them, all sitting at CVSS 7.5, all stack-based buffer overflows or infinite loops that let an unauthenticated attacker knock the service over the network. The .NET ecosystem is the other big cluster: .NET, .NET Framework, and ASP.NET Core/OData contribute nine bugs combined, almost all “allocation of resources without limits or throttling”.  HTTP.sys and HTTP/2 pick up the same flavor. LSASS shows up twice, which is always worth a second look given what that process actually holds. Rounding out the list are patches for Windows DHCP Server, SMB Server, Secure Channel, Hyper-V, and IKE Protocol each take a single hit, mostly requiring authorized or adjacent-network access rather than being wide open to the internet.

No new advisories are being released this month.

Looking Ahead

The next Patch Tuesday will be on August 11, just after Hacker Summer Camp in sunny Las Vegas. Should I survive the heat, I’ll be back then to give you my full thoughts on the release – no matter how large it may be. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!

Hero Background

Stand at the front line of proactive security

TrendAI™ ZDI connects the experts who discover, remediate, and defend.
Add your voice to the work that pushes attackers back.