INC
You must login to view this content
You must login to view this content
Well folks. Here we are. The bug apocalypse has fully descended upon us. I’ll do my best to sort this out in some way meaningful, but this month’s release shows us the nay-sayers were right, and I’ve got to hand it to the nay-sayers here. Excellent call. Take an extended break from your regularly scheduled activities as we let’s take a look at the latest security patches from Adobe and Microsoft. If you’d rather watch the full video recap covering the entire release, you can check it out here:
Adobe Patches for July 2026
Adobe has now moved to a bimonthly release schedule, which means they will be releasing patches on the second and fourth Tuesdays of the month. I’ll continue to cover the second Tuesday release here and update this blog should the fourth Tuesday release contain anything significant. I think this is a smart way to break up a monster release into something a bit more manageable. Apple has said they are taking a similar approach. We’ll see if other vendors follow their lead.
For the first part of the July release, Adobe released 12 bulletins addressing 88 unique CVEs in Adobe ColdFusion, Commerce, After Effects, Animate, Audition, Bridge, Creative Cloud Desktop Application, Experience Manager, Illustrator, Media Encoder, Premiere Pro, and the Content Credentials SDK.
Here’s this month’s overview table:
Bulletin ID Product CVE Count Highest Severity Highest CVSS Exploited Deployment Priority APSB26-82 Adobe ColdFusion 13 Critical 9.9 No 1 APSB26-73 Adobe Commerce 13 Critical 9.6 No 2 APSB26-78 Adobe After Effects 3 Critical 7.8 No 3 APSB26-83 Adobe Animate 6 Critical 8.6 No 3 APSB26-71 Adobe Audition 6 Critical 7.8 No 3 APSB26-81 Adobe Bridge 6 Critical 7.8 No 3 APSB26-77 Adobe Creative Cloud Desktop Application 2 Critical 8.1 No 3 APSB26-74 Adobe Experience Manager 13 Critical 9.6 No 3 APSB26-79 Adobe Illustrator 5 Critical 9.3 No 3 APSB26-72 Adobe Media Encoder 5 Critical 7.8 No 3 APSB26-76 Adobe Premiere Pro 4 Critical 7.8 No 3 APSB26-80 Content Credentials SDK 12 Critical 8.2 No 3 TOTAL 12 bulletins 88While nothing is under active exploit, I would prioritize the Cold Fusion and Commerce patches first. The patch for Cold Fusion even clocks in with a CVSS 9.9 bug. Beyond that, most of these updates are pretty straightforward. If you’re using these products, patch them. However, you can use you regular patch cadence here.
Microsoft Patches for July 2026
Here it is. The Mother of All Releases. To call this record-breaking is an understatement. How to count this mess is anyone’s guess, but I see new Microsoft 621 CVEs for the month of July. Some of these are in online services where no user action is required. They also list about 480 bugs in Chromium and Microsoft Edge (Chromium-based) that I won’t cover here. Here’s how I put this in context. I looked at the last 20 years of Microsoft releases. The CVE count year-to-date exceeds all other years’ totals.
The products covered this month are also astonishing. There are patches for Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, .NET and Visual Studio, Github Copilot, Defender, Exchange Server, Hyper-V, Ages of Empire II, and Minecraft Server (really!). That phrase “Windows components” does some pretty heavy lifting here, too, as just about everything you’ve ever heard of is getting patched. All told, there are 63 rated Critical, six rated Moderate, one rated Low, with the rest rated Important in severity. Eight of these bugs were submitted through the ZDI program (more on that later). Two CVEs are listed as under active exploit while one other is listed as publicly known.
So how do we eat this elephant? One byte at a time (pun intended). Let’s start by looking a closer look at some of the more interesting updates for this month, starting with the bugs being exploited in the wild.
- CVE-2026-56155 - Active Directory Federation Services Elevation of Privilege Vulnerability
This is one of several AD FS being patched this month, but it’s the only one being actively exploited. It stems from insufficient access-control granularity and does require local access and low privileges to start, but AD FS is exactly the kind of identity infrastructure attackers love to pivot through once they're in. It can also be paired with an RCE as we often see in ransomware. Test and deploy this patch quickly.
- CVE-2026-56164 - Microsoft SharePoint Server Elevation of Privilege Vulnerability
The other bug being exploited in the wild this month is a modest CVSS 5.3 – but it shows why Moderate severity bugs still matter. It's a missing-authentication flaw, meaning an unauthenticated attacker can hit it over the network with no user interaction required. When something this reachable is being actively abused, patch it now and worry about the score later.
- CVE-2026-57092 - Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
This patch rates the highest CVSS score for the month: a solid 9.9. It’s a use-after-free that lets a low-privileged attacker escalate to full host compromise across a VM boundary. We saw something like this demonstrated at Pwn2Own Berlin on ESXi, but it clearly isn’t alone. If you’re using VMSwitch in your Hyper-V deployments (and you likely are), test and deploy this one quickly.
- CVE-2026-50522/58644 - Microsoft SharePoint Remote Code Execution Vulnerability
This matching pair of CVSS 9.8 bugs results from the deserialization-of-untrusted-data and are reachable without authentication or user interaction. CVE-2026-50522 was demonstrated during Pwn2Own Berlin, so it’s odd to see Microsoft list it as “Exploit Maturity Unknown” since we literally handed them a working exploit. Just another reason to do your own risk assessment and not rely 100% on the vendor. If you have any Internet accessible SharePoint servers, test and deploy this patch quickly.
- CVE-2026-56190 - Remote Desktop Protocol Remote Code Execution Vulnerability
This patch covers an unauthenticated, network-reachable, no user interaction required bug. The root cause is a classic one: use of uninitialized resource (CWE-908), meaning specially crafted RDP traffic can interact with memory that was never properly initialized, letting an attacker corrupt memory and potentially steer code execution. RDP Servers are a common target, so audit your systems to see which are internet accessible and start from there.
- CVE-2026-55008 - Microsoft Exchange Server Spoofing Vulnerability
Ignore the title here and treat this like the XSS bug it is. The vulnerability is listed as a CVSS 9.6 since it’s a stored cross-site scripting flaw in Outlook Web Access, with a scope-changed impact that lets it break out of the web app context entirely. An attacker sends a specially crafted email, and if the victim simply opens it in OWA, arbitrary JavaScript executes in their browser session — no attachment needed, no macro warning, just viewing the message does it. If you’re using OWA, test and deploy this one quickly.
- CVE-2026-50518 - Windows DHCP Server Remote Code Execution Vulnerability
There are a couple of these DHCP RCE patches in this release, but the other has caveats while this one does not. Both are heap-based buffer overflows scoring CVSS 9.8, both unauthenticated and network-reachable. If you're running DHCP Server role on anything Internet-adjacent (you're not, right?), these move to the top of the list.
- CVE-2026-56188 - Windows Server Network driver Remote Code Execution Vulnerability
Another Critical-rated bug, this one is caused by a race condition. It’s always fun to see a TOCTOU bug rated this high, since race conditions are notoriously finicky to exploit reliably. While it may prove tricky to exploit, this bug could allow an attacker to execute privileged code over the network without user interaction. Don’t let the race condition lull you to sleep on a wormable bug.
- CVE-2026-55010 - Minecraft Bedrock Dedicated Server Remote Code Execution Vulnerability
File this in the “why not” category. This bug is a heap-based buffer overflow in Minecraft Bedrock Dedicated Server, also CVSS 9.8 and also unauthenticated RCE. Yes, your kid’s Minecraft server (it is your kid’s server, right?) is exposed to the same class of bug as your DHCP infrastructure. Patch it anyway.
Here’s the full list of CVEs released by Microsoft for July 2026:
CVE Title Severity CVSS Public Exploited Type CVE-2026-56155 Active Directory Federation Services Elevation of Privilege Vulnerability Important 7.8 No Yes EoP CVE-2026-56164 Microsoft SharePoint Server Elevation of Privilege Vulnerability Moderate 5.3 No Yes EoP CVE-2026-50661 Windows BitLocker Security Feature Bypass Vulnerability Important 6.1 Yes No SFB CVE-2026-54121 Active Directory Certificate Services Elevation of Privilege Vulnerability Critical 8.8 No No EoP CVE-2026-45499 ** Azure OpenAI Elevation of Privilege Vulnerability Critical 9.9 No No EoP CVE-2026-48564 DHCP Server Service Remote Code Execution Vulnerability Critical 8.8 No No RCE CVE-2026-50370 DHCP Server Service Remote Code Execution Vulnerability Critical 8.8 No No RCE CVE-2026-56159 DHCP Server Service Remote Code Execution Vulnerability Critical 9.8 No No RCE CVE-2026-50382 DirectX Graphics Kernel Remote Code Execution Vulnerability Critical 8.8 No No RCE CVE-2026-41106 ** Microsoft 365 Copilot Elevation of Privilege Vulnerability Critical 9.3 No No EoP CVE-2026-26145 ** Microsoft Azure Synapse Elevation of Privilege Vulnerability Critical 4.8 No No EoP CVE-2026-48561 Microsoft Copilot Remote Code Execution Vulnerability Critical 9.6 No No RCE CVE-2026-55011 Microsoft Defender Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2026-55012 Microsoft Defender Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2026-55944 Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability Critical 9.8 No No RCE CVE-2026-57100 ** Microsoft Entra Provisioning Service Elevation of Privilege Vulnerability Critical 9.9 No No EoP CVE-2026-55041 Microsoft Excel Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2026-54998 ** Microsoft Exchange Online Elevation of Privilege Vulnerability Critical 8.8 No No EoP CVE-2026-55008 Microsoft Exchange Server Spoofing Vulnerability Critical 9.6 No No Spoofing CVE-2026-54992 Microsoft Message Queuing Queue Manager Remote Code Execution Vulnerability Critical 8.4 No No RCE CVE-2026-50314 Microsoft Office Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2026-50467 Microsoft Office Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2026-55018 Microsoft Office Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2026-55022 Microsoft Office Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2026-55045 Microsoft Office Remote Code Execution Vulnerability Critical 8.4 No No RCE CVE-2026-55049 Microsoft Office Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2026-55129 Microsoft Office Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2026-55056 Microsoft Office Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2026-55140 Microsoft Office Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2026-55043 Microsoft PowerPoint Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2026-55123 Microsoft PowerPoint Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2026-55120 Microsoft PowerPoint Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2026-50522 Microsoft SharePoint Remote Code Execution Vulnerability Critical 9.8 No No RCE CVE-2026-58644 Microsoft SharePoint Remote Code Execution Vulnerability Critical 9.8 No No RCE CVE-2026-55040 Microsoft SharePoint Server Security Feature Bypass Vulnerability Critical 9.1 No No SFB CVE-2026-54117 Microsoft SQL Server Remote Code Execution Vulnerability Critical 8.8 No No RCE CVE-2026-54118 Microsoft SQL Server Remote Code Execution Vulnerability Critical 8.8 No No RCE CVE-2026-50655 Microsoft Windows Media Foundation Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2026-56189 Microsoft Windows Media Foundation Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2026-57090 Microsoft Windows Media Foundation Remote Code Execution Vulnerability Critical 8.8 No No RCE CVE-2026-57094 Microsoft Windows Media Foundation Remote Code Execution Vulnerability Critical 8.8 No No RCE CVE-2026-57087 Microsoft Windows Media Foundation Remote Code Execution Vulnerability Critical 8.8 No No RCE CVE-2026-57092 Microsoft Windows VMSwitch Elevation of Privilege Vulnerability Critical 9.9 No No EoP CVE-2026-55033 Microsoft Word Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2026-55127 Microsoft Word Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2026-55132 Microsoft Word Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2026-55010 Minecraft Bedrock Dedicated Server Remote Code Execution Vulnerability Critical 9.8 No No RCE CVE-2026-50474 Remote Desktop Client Remote Code Execution Vulnerability Critical 8.8 No No RCE CVE-2026-49164 Windows Active Directory Domain Services Remote Code Execution Vulnerability Critical 8.1 No No RCE CVE-2026-54128 Windows DHCP Client Remote Code Execution Vulnerability Critical 8.4 No No RCE CVE-2026-50518 Windows DHCP Server Remote Code Execution Vulnerability Critical 9.8 No No RCE CVE-2026-49796 Windows GDI+ Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2026-50380 Windows GDI+ Remote Code Execution Vulnerability Critical 9.6 No No RCE CVE-2026-54127 Windows Hyper-V Elevation of Privilege Vulnerability Critical 7.4 No No EoP CVE-2026-50680 Windows Hyper-V Elevation of Privilege Vulnerability Critical 8.2 No No EoP CVE-2026-50327 Windows Media Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2026-58542 Windows Media Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2026-58608 Windows Print Spooler Remote Code Execution Vulnerability Critical 8.8 No No RCE CVE-2026-54982 Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability Critical 8.8 No No RCE CVE-2026-54995 Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability Critical 8.1 No No RCE CVE-2026-42982 Windows Secure Kernel Mode Elevation of Privilege Vulnerability Critical 7.8 No No EoP CVE-2026-50392 Windows Secure Kernel Mode Elevation of Privilege Vulnerability Critical 7 No No EoP CVE-2026-50694 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Critical 8.1 No No RCE CVE-2026-56188 Windows Server Network driver Remote Code Execution Vulnerability Critical 9.8 No No RCE CVE-2026-50444 Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability Critical 8.8 No No EoP CVE-2026-54999 Windows TCP/IP Remote Code Execution Vulnerability Critical 8.8 No No RCE CVE-2026-47302 .NET Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-50525 .NET Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-50651 .NET Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-57108 .NET Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-50524 .NET Framework Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-50527 .NET Framework Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-50648 .NET Framework Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-50650 .NET Framework Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50646 .NET Framework Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-50649 .NET Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-47304 .NET Security Feature Bypass Vulnerability Important 8.1 No No SFB CVE-2026-50528 .NET Security Feature Bypass Vulnerability Important 8.2 No No SFB CVE-2026-50659 .NET Spoofing Vulnerability Important 6.5 No No Spoofing CVE-2026-50526 .NET Tampering Vulnerability Important 7 No No Tampering CVE-2026-50682 Active Directory Denial of Service Vulnerability Important 7.1 No No DoS CVE-2026-55001 Active Directory Domain Services Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50647 Active Directory Federation Server Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-50684 Active Directory Federation Server Spoofing Vulnerability Important 4.8 No No Spoofing CVE-2026-56170 ASP.NET Core Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-47300 ASP.NET Core Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-47303 ASP.NET Core Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-50652 Azure Active Directory Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-50653 Azure Active Directory Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-57969 Azure CycleCloud Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-58279 Azure CycleCloud Elevation of Privilege Vulnerability Important 6.5 No No EoP CVE-2026-47632 Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-50338 Azure Spring Apps Elevation of Privilege Vulnerability Important 8.2 No No EoP CVE-2026-50488 Clipboard User Service Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50491 Code Integrity DLL (ci.dll) Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50381 Composite Image File System driver (cimfs.sys) Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-50427 Content Delivery Manager Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50692 Desktop Window Manager Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-58633 Desktop Window Manager Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-58634 Desktop Window Manager Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50296 DirectX Graphics Kernel Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50375 DirectX Graphics Kernel Elevation of Privilege Vulnerability Important 6.3 No No EoP CVE-2026-50353 DirectX Graphics Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50493 DirectX Graphics Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-56643 DirectX Graphics Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-56644 DirectX Graphics Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-58629 DirectX Graphics Kernel Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-49174 DNS Client Tampering Vulnerability Important 6.1 No No Tampering CVE-2026-50495 DNS Client Tampering Vulnerability Important 6.1 No No Tampering CVE-2026-57088 Extensible Storage Engine (ESENT) Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50663 Game: Age of Empires II: Definitive Edition Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2026-47282 GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability Important 6.5 No No Info CVE-2026-41109 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability Important 8.8 No No SFB CVE-2026-50510 GitHub Copilot Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-49787 HTTP.sys Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-50420 HTTP.sys Information Disclosure Vulnerability Important 6.2 No No Info CVE-2026-49788 HTTP/2 Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-50696 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-58617 M365 Copilot for iOS Elevation of Privilege Vulnerability Important 8.1 No No EoP CVE-2026-58595 Microsoft Bing App for IOS Spoofing Vulnerability Important 8.1 No No Spoofing CVE-2026-49162 Microsoft Brokering File System Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50305 Microsoft Brokering File System Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50361 Microsoft Brokering File System Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50466 Microsoft Brokering File System Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50458 Microsoft Brokering File System Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50658 Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-56178 Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability Important 5.5 No No EoP CVE-2026-50657 Microsoft Defender for Endpoint for Mac Information Disclosure Vulnerability Important 4.7 No No Info CVE-2026-50329 Microsoft DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-58541 Microsoft DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-58596 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important 8.3 No No EoP CVE-2026-57991 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Important 7.4 No No Info CVE-2026-58291 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Important 6.1 No No Info CVE-2026-57981 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2026-57984 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 7.5 No No RCE CVE-2026-57985 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 7.6 No No RCE CVE-2026-57986 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 7.5 No No RCE CVE-2026-57988 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 7.1 No No RCE CVE-2026-57992 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 7.5 No No RCE CVE-2026-58276 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 7.5 No No RCE CVE-2026-56645 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2026-57974 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2026-57975 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 7.5 No No RCE CVE-2026-58281 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 8.3 No No RCE CVE-2026-58284 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 8.3 No No RCE CVE-2026-58285 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 8.3 No No RCE CVE-2026-58287 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 8.3 No No RCE CVE-2026-58288 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 8.3 No No RCE CVE-2026-58289 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 9 No No RCE CVE-2026-58290 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 7.5 No No RCE CVE-2026-58292 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 7.5 No No RCE CVE-2026-58293 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 8.1 No No RCE CVE-2026-58294 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 7.5 No No RCE CVE-2026-57983 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Important 8.7 No No SFB CVE-2026-58295 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Important 8.3 No No SFB CVE-2026-58525 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Important 8.2 No No SFB CVE-2026-57987 Microsoft Edge (Chromium-based) Spoofing Vulnerability Important 6.5 No No Spoofing CVE-2026-58278 Microsoft Edge (Chromium-based) Spoofing Vulnerability Important 5.4 No No Spoofing CVE-2026-56646 Microsoft Edge (Chromium-based) Spoofing Vulnerability Important 6.5 No No Spoofing CVE-2026-57977 Microsoft Edge (Chromium-based) Spoofing Vulnerability Important 7.1 No No Spoofing CVE-2026-57993 Microsoft Edge (Chromium-based) Spoofing Vulnerability Important 7.4 No No Spoofing CVE-2026-58282 Microsoft Edge (Chromium-based) Spoofing Vulnerability Important 8.1 No No Spoofing CVE-2026-58283 Microsoft Edge (Chromium-based) Spoofing Vulnerability Important 8.1 No No Spoofing CVE-2026-58286 Microsoft Edge (Chromium-based) Spoofing Vulnerability Important 8.1 No No Spoofing CVE-2026-58298 Microsoft Edge (Chromium-based) Spoofing Vulnerability Important 7.2 No No Spoofing CVE-2026-58524 Microsoft Edge (Chromium-based) Spoofing Vulnerability Important 5.4 No No Spoofing CVE-2026-58296 Microsoft Edge for Android Information Disclosure Vulnerability Important 7.1 No No Info CVE-2026-58297 Microsoft Edge for Android Information Disclosure Vulnerability Important 7.1 No No Info CVE-2026-58300 Microsoft Edge for Android Information Disclosure Vulnerability Important 6.2 No No Info CVE-2026-58522 Microsoft Edge for Android Information Disclosure Vulnerability Important 6.8 No No Info CVE-2026-58299 Microsoft Edge for Android Remote Code Execution Vulnerability Important 7.5 No No RCE CVE-2026-58523 Microsoft Edge for Android Security Feature Bypass Vulnerability Important 6.5 No No SFB CVE-2026-50678 Microsoft Excel Information Disclosure Vulnerability Important 6.6 No No Info CVE-2026-54988 Microsoft Excel Information Disclosure Vulnerability Important 6.1 No No Info CVE-2026-48580 Microsoft Excel Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-50408 Microsoft Excel Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-55046 Microsoft Excel Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-55138 Microsoft Excel Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-55054 Microsoft Excel Information Disclosure Vulnerability Important 6.5 No No Info CVE-2026-55122 Microsoft Excel Information Disclosure Vulnerability Important 7.1 No No Info CVE-2026-55898 Microsoft Excel Information Disclosure Vulnerability Important 6.1 No No Info CVE-2026-50675 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-55899 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-55948 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-58618 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-47642 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-55024 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-55025 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-55031 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-55048 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-55029 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-55039 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-55136 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-55141 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-55036 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-55044 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-55037 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-55058 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-55137 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-55053 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-55131 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-54131 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-55947 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-55949 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-56156 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-55006 Microsoft Exchange Server Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-55009 Microsoft Exchange Server Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-55005 Microsoft Exchange Server Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2026-56642 Microsoft Fabric Data Warehouse Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2026-50343 Microsoft Install Service Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50439 Microsoft Message Queuing Queue Manager Remote Code Execution Vulnerability Important 8.1 No No RCE CVE-2026-58537 Microsoft NAT Helper Components (ipnathlp.dll) Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-56193 Microsoft Office Information Disclosure Vulnerability Important 7.1 No No Info CVE-2026-55023 Microsoft Office Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-55026 Microsoft Office Information Disclosure Vulnerability Important 6.2 No No Info CVE-2026-55027 Microsoft Office Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-55028 Microsoft Office Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-55047 Microsoft Office Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-55035 Microsoft Office Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-55057 Microsoft Office Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-55121 Microsoft Office Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-55042 Microsoft Office Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-55139 Microsoft Office Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-50665 Microsoft Office Information Disclosure Vulnerability Important 7.8 No No Info CVE-2026-56192 Microsoft Office Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-56195 Microsoft Office Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-47290 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-50301 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-55017 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-55125 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-55133 Microsoft OneNote Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-58636 Microsoft PC Manager Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50438 Microsoft PC Manager Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-58647 Microsoft PowerBI Report Server Spoofing Vulnerability Important 8 No No Spoofing CVE-2026-55052 Microsoft SharePoint Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-58277 Microsoft SharePoint Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-55051 Microsoft SharePoint Server Information Disclosure Vulnerability Important 6.5 No No Info CVE-2026-54108 Microsoft SharePoint Server Spoofing Vulnerability Important 6.5 No No Spoofing CVE-2026-55016 Microsoft SharePoint Server Spoofing Vulnerability Important 4.6 No No Spoofing CVE-2026-55019 Microsoft SharePoint Server Spoofing Vulnerability Important 4.6 No No Spoofing CVE-2026-55020 Microsoft SharePoint Server Spoofing Vulnerability Important 4.6 No No Spoofing CVE-2026-55021 Microsoft SharePoint Server Spoofing Vulnerability Important 7.3 No No Spoofing CVE-2026-55030 Microsoft SharePoint Server Spoofing Vulnerability Important 4.6 No No Spoofing CVE-2026-55034 Microsoft SharePoint Server Spoofing Vulnerability Important 7.3 No No Spoofing CVE-2026-55126 Microsoft SharePoint Server Spoofing Vulnerability Important 7.3 No No Spoofing CVE-2026-55135 Microsoft SharePoint Server Spoofing Vulnerability Important 4.6 No No Spoofing CVE-2026-56157 Microsoft SharePoint Server Spoofing Vulnerability Important 5.4 No No Spoofing CVE-2026-47296 Microsoft SQL Server Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-55002 Microsoft SQL Server Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-47295 Microsoft SQL Server Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-50468 Microsoft SQL Server Information Disclosure Vulnerability Important 6.5 No No Info CVE-2026-54116 Microsoft SQL Server Information Disclosure Vulnerability Important 6.5 No No Info CVE-2026-42900 Microsoft Windows App Store Elevation of Privilege Vulnerability Important 8.1 No No EoP CVE-2026-49784 Microsoft Windows App Store Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50356 Microsoft Windows App Store Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-49165 Microsoft Windows App Store Information Disclosure Vulnerability Important 7.1 No No Info CVE-2026-54993 Microsoft Windows Media Foundation Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-58610 Microsoft Windows Media Foundation Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-55050 Microsoft Word Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-55124 Microsoft Word Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-55142 Microsoft Word Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-55032 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-55055 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-55038 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-55134 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-55128 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-55130 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-50359 Microsoft XML Core Services Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-57097 Microsoft XML Security Feature Bypass Vulnerability Important 6.4 No No SFB CVE-2026-50346 Netlogon RPC Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50402 NTFS Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50506 OData for ASP.NET and ASP.NET Core Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-45646 OData for ASP.NET and ASP.NET Core Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-54989 Quality Windows Audio/Video Experience (QWAVE) Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50365 Remote Access Management service/API (RPC server) Elevation of Privilege Vulnerability Important 8 No No EoP CVE-2026-54990 Remote Desktop Client Remote Code Execution Vulnerability Important 9.8 No No RCE CVE-2026-58594 Remote Desktop Client Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2026-56190 Remote Desktop Protocol Remote Code Execution Vulnerability Important 9.8 No No RCE CVE-2026-49783 Secure Boot Security Feature Bypass Vulnerability Important 7.8 No No SFB CVE-2026-42990 SQL Server ODBC driver Elevation of Privilege Vulnerability Important 9.8 No No EoP CVE-2026-49168 Storage Spaces Direct Elevation of Privilege Vulnerability Important 6.2 No No EoP CVE-2026-48581 Surface Broker SDMA Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-49180 Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-50455 Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-54111 Universal Print Management Service Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-58543 Universal Print Management Service Elevation of Privilege Vulnerability Important 6.3 No No EoP CVE-2026-58601 Virtual Hard Disk (VHD) Miniport Driver Elevation of Privilege Vulernability Important 7.8 No No EoP CVE-2026-50520 Visual Studio Code Remote Code Execution Vulnerability Important 8.4 No No RCE CVE-2026-45496 Visual Studio Code Security Feature Bypass Vulnerability Important 5.5 No No SFB CVE-2026-57101 Visual Studio Code Security Feature Bypass Vulnerability Important 7.1 No No SFB CVE-2026-57102 Visual Studio Code Security Feature Bypass Vulnerability Important 8.8 No No SFB CVE-2026-47305 Visual Studio Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-49805 Win32k Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50297 Win32k Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50325 Win32k Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50489 Win32k Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-57095 Win32k Elevation of Privilege Vulnerability Important 6.2 No No EoP CVE-2026-50416 Win32k Information Disclosure Vulnerability Important 3.3 No No Info CVE-2026-56184 Win32k Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-50432 Window Virtual Filtering Platform (VFP) Denial of Service Vulnerability Important 5.3 No No DoS CVE-2026-54119 Windows Active Directory Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-57976 Windows Active Directory Domain Services Denial of Service Vulnerability Important 6.5 No No DoS CVE-2026-50366 Windows Active Directory Domain Services Denial of Service Vulnerability Important 6.5 No No DoS CVE-2026-49178 Windows Active Directory Domain Services Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2026-58529 Windows Active Directory Federation Services (ADFS) Information Disclosure Vulnerability Important 7.1 No No Info CVE-2026-54983 Windows Active Directory Federation Services Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-50695 Windows Active Directory Federation Services Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-50304 Windows Active Directory Federation Services Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-50368 Windows Active Directory Federation Services Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-50324 Windows Active Directory Federation Services Denial of Service Vulnerability Important 5.9 No No DoS CVE-2026-50355 Windows Active Directory Federation Services Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-50411 Windows Active Directory Federation Services Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-58631 Windows Admin Center (WAC) Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-56196 Windows Admin Center (WAC) Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2026-56197 Windows Admin Center (WAC) Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2026-56169 Windows Admin Center Elevation of Privilege Vulnerability Important 8.1 No No EoP CVE-2026-57107 Windows Admin Center Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-56185 Windows Admin Center Information Disclosure Vulnerability Important 6.5 No No Info CVE-2026-50312 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 4.7 No No EoP CVE-2026-50462 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-57093 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-34346 Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-48572 Windows App Package Installer Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-48571 Windows App Package Installer Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50400 Windows App Package Installer Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50331 Windows Application Model Core API Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-49803 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50351 Windows Audio Compression Manager (ACM) Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50440 Windows Audio Service Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-34328 Windows Audio Service Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-50406 Windows Backup Engine Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50364 Windows Backup Service Elevation of Privilege Vulnerability Important 7.3 No No EoP CVE-2026-42975 Windows Bluetooth Port Driver Remote Code Execution Important 8 No No RCE CVE-2026-58538 Windows Bluetooth Service Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-58638 Windows Boot Loader Security Feature Bypass Vulnerability Important 6 No No SFB CVE-2026-58637 Windows Client-Side Caching Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50384 Windows Clip Service Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-49183 Windows Clipboard Server Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50689 Windows Clipboard Server Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50374 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important 6.3 No No EoP CVE-2026-58536 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-58613 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50401 Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-50697 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50667 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50421 Windows Connected User Experiences and Telemetry Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50428 Windows Container Isolation FS Filter Driver (unionfs.sys) Information Disclosure Vulnerability Important 7.1 No No Info CVE-2026-50352 Windows Cryptographic Services Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-50302 Windows Cryptographic Services Security Feature Bypass Vulnerability Important 4.2 No No SFB CVE-2026-55144 Windows Cryptography API: Next Generation (CNG) Tampering Vulnerability Important 7.1 No No Tampering CVE-2026-50347 Windows Data.dll Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-49181 Windows DHCP Client Elevation of Privilege Vulnerability Important 7.5 No No EoP CVE-2026-50683 Windows DHCP Client Elevation of Privilege Vulnerability Important 8 No No EoP CVE-2026-58627 Windows DHCP Server Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-50685 Windows DHCP Server Remote Code Execution Vulnerability Important 7.5 No No RCE CVE-2026-49807 Windows DirectX Information Disclosure Vulnerability Important 6.2 No No Info CVE-2026-49175 Windows DNS Client Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50487 Windows DNS Client Elevation of Privilege Vulnerability Important 8.1 No No EoP CVE-2026-50465 Windows DNS Client Tampering Vulnerability Important 7.1 No No Tampering CVE-2026-49169 Windows DNS Server Remote Code Execution Vulnerability Important 8 No No RCE CVE-2026-50426 Windows DNS Server Remote Code Execution Vulnerability Important 6.8 No No RCE CVE-2026-50424 Windows Domain Controller Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-50300 Windows DWM Core Library Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-50437 Windows DWM Core Library Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-34348 Windows Event Logging Service Information Disclosure Vulnerability Important 6.5 No No Info CVE-2026-50502 Windows Event Logging Service Remote Code Execution Vulnerability Important 8 No No RCE CVE-2026-33842 Windows File Explorer Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-40422 Windows File Explorer Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-41087 Windows File Explorer Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-50473 Windows File Explorer Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-50442 Windows File Explorer Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-50389 Windows File Explorer Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-50456 Windows File Explorer Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-57084 Windows File Explorer Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-57091 Windows File History Service Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50405 Windows Filtering Platform Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-49172 Windows FTP Service Remote Code Execution Vulnerability Important 9.8 No No RCE CVE-2026-50387 Windows GDI Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-54122 Windows GDI+ Remote Code Execution Vulnerability Important 8.4 No No RCE CVE-2026-50483 Windows Graphics Component Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-58609 Windows Graphics Component Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-50391 Windows Group Policy Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50310 Windows Human Interface Device Information Disclosure Vulnerability Important 4.7 No No Info CVE-2026-50485 Windows Hyper-V Denial of Service Vulnerability Important 4.5 No No DoS CVE-2026-54129 Windows Hyper-V Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50315 Windows Image Acquisition Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-58534 Windows Input Method Editor (IME) Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-50490 Windows Installer Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-58540 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50425 Windows Internal System User Profile Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50293 Windows Internal Task Bar Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-49167 Windows Kernel Elevation of Privilege Vulnerability Important 4.7 No No EoP CVE-2026-49173 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-54132 Windows Kernel Elevation of Privilege Vulnerability Important 6.8 No No EoP CVE-2026-49795 Windows Kernel Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-49798 Windows Kernel Elevation of Privilege Vulnerability Important 9.3 No No EoP CVE-2026-49808 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50354 Windows Kernel Elevation of Privilege Vulnerability Important 7.1 No No EoP CVE-2026-50332 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50377 Windows Kernel Elevation of Privilege Vulnerability Important 5.5 No No EoP CVE-2026-50390 Windows Kernel Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50423 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50397 Windows Kernel Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50436 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50399 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50459 Windows Kernel Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50477 Windows Kernel Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-50478 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50484 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50673 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-58532 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50294 Windows Kernel Information Disclosure Vulnerability Important 6.2 No No Info CVE-2026-50316 Windows Kernel Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-50419 Windows Kernel Information Disclosure Vulnerability Important 3.3 No No Info CVE-2026-50463 Windows Kernel Information Disclosure Vulnerability Important 7.5 No No Info CVE-2026-50475 Windows Kernel Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-50429 Windows Kernel Information Disclosure Vulnerability Important 8.2 No No Info CVE-2026-58614 Windows Kernel Security Feature Bypass Vulnerability Important 5.5 No No SFB CVE-2026-58545 Windows Kernel Security Feature Bypass Vulnerability Important 5.5 No No SFB CVE-2026-58602 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50393 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50396 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50378 Windows Key Guard Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50303 Windows Key Guard Security Feature Bypass Vulnerability Important 5.5 No No SFB CVE-2026-40378 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-49799 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability Important 6.5 No No DoS CVE-2026-50371 Windows LUA File Virtualization Filter Driver Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-58544 Windows Management Services Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50404 Windows Media Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50358 Windows Media Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50336 Windows Media Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50398 Windows Media Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-50414 Windows Media Elevation of Privilege Vulnerability Important 7.5 No No EoP CVE-2026-50379 Windows Media Elevation of Privilege Vulnerability Important 7.5 No No EoP CVE-2026-50433 Windows Media Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50676 Windows Media Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50677 Windows Media Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-34349 Windows Media Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-50394 Windows Media Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-50415 Windows Media Information Disclosure Vulnerability Important 5.3 No No Info CVE-2026-57083 Windows Media Photo Codec Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-54115 Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50447 Windows Message Queuing Service (MSMQ) Remote Code Execution Vulnerability Important 9.8 No No RCE CVE-2026-50505 Windows Message Queuing Service (MSMQ) Remote Code Execution Vulnerability Important 7.5 No No RCE CVE-2026-50342 Windows MIDI Service Module Elevation of Privileges Vulnerability Important 8.8 No No EoP CVE-2026-56183 Windows MIDI Service Module Elevation of Privileges Vulnerability Important 7 No No EoP CVE-2026-56187 Windows MIDI Service Module Elevation of Privileges Vulnerability Important 7 No No EoP CVE-2026-58635 Windows Narrator Braille Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50500 Windows Netlogon Elevation of Privilege Vulnerability Important 7.5 No No EoP CVE-2026-50476 Windows Network Connections Service Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50450 Windows Network Connections Service Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-56650 Windows Network File System Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-56649 Windows Network File System Remote Code Execution Vulnerability Important 5.9 No No RCE CVE-2026-50470 Windows Network Policy Server SNMP Information Disclosure Vulnerability Important 7.5 No No Info CVE-2026-50496 Windows Network Policy Server SNMP Information Disclosure Vulnerability Important 7.5 No No Info CVE-2026-56194 Windows NFS Server Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-56648 Windows NFS Server Elevation of Privilege Vulnerability Important 7.5 No No EoP CVE-2026-50337 Windows Notification Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-49789 Windows NTFS Elevation of Privilege Vulnerability Important 7.3 No No EoP CVE-2026-50412 Windows NTFS Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50422 Windows NTFS Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50672 Windows NTFS Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-56175 Windows NTFS Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-56182 Windows NTFS Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50341 Windows NTFS Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-58640 Windows NTFS Remote Code Execution Vulnerability Important 7.3 No No RCE CVE-2026-49184 Windows NTFS Remote Code Execution Vulnerability Important 8.4 No No RCE CVE-2026-49797 Windows NTFS Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-50308 Windows NTFS Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-50386 Windows NTFS Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-50309 Windows NTFS Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-50313 Windows NTFS Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-50388 Windows NTFS Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-50448 Windows NTFS Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-50471 Windows NTFS Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-50461 Windows NTFS Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-50417 Windows NTFS Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-50482 Windows NTFS Remote Code Execution Vulnerability Important 7.3 No No RCE CVE-2026-50494 Windows NTFS Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-50344 Windows OLE Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50686 Windows OLE Remote Code Execution Vulnerability Important 8.1 No No RCE CVE-2026-50335 Windows Operating Systems Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50317 Windows Operating Systems Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-54987 Windows Overlay Filter Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50435 Windows Overlay Filter Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50409 Windows Overlay Filter Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-40400 Windows PowerShell Remote Code Execution Vulnerability Important 8 No No RCE CVE-2026-49166 Windows Print Configuration Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-55004 Windows Print Configuration Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50499 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50383 Windows Print Spooler Information Disclosure Vulnerability Important 6.1 No No Info CVE-2026-57085 Windows Print Spooler Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-50469 Windows Projected File System Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50434 Windows Push Notification Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-50339 Windows Push Notification Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-50430 Windows Push Notification Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-50334 Windows Push Notification Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-44800 Windows Push Notifications Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50363 Windows Push Notifications Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50431 Windows Quality of Service (QoS) Packet Scheduler Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-50372 Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50666 Windows Remote Access Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-56647 Windows Remote Access Service Infrastructure Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-50330 Windows Remote Desktop Client Elevation of Privilege Vulnerability Important 7.5 No No EoP CVE-2026-50376 Windows Remote Desktop Client Information Disclosure Vulnerability Important 6.5 No No Info CVE-2026-50504 Windows Remote Desktop Client Information Disclosure Vulnerability Important 6.5 No No Info CVE-2026-58533 Windows Remote Desktop Client Information Disclosure Vulnerability Important 6.5 No No Info CVE-2026-58535 Windows Remote Desktop Client Information Disclosure Vulnerability Important 6.5 No No Info CVE-2026-58546 Windows Remote Desktop Client Information Disclosure Vulnerability Important 6.5 No No Info CVE-2026-58539 Windows Remote Desktop Client Information Disclosure Vulnerability Important 6.5 No No Info CVE-2026-55003 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Important 6.5 No No Info CVE-2026-57979 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Important 6.5 No No Info CVE-2026-50445 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Important 6.5 No No Info CVE-2026-50497 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Important 6.5 No No Info CVE-2026-54126 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Important 6.5 No No Info CVE-2026-57982 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Important 6.5 No No Info CVE-2026-50369 Windows Remote Desktop Services Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-58626 Windows Remote Desktop Services Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2026-55014 Windows Remote Help Defense Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50318 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50407 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50357 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50441 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50668 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability Important 6.8 No No EoP CVE-2026-54109 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-49792 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-49793 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-50362 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-50492 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.8 No No RCE CVE-2026-50501 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-58530 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-49791 Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability Important 7.1 No No EoP CVE-2026-50451 Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability Important 7.1 No No EoP CVE-2026-57096 Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50323 Windows Runtime Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50452 Windows Runtime Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50348 Windows Runtime Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50345 Windows Runtime Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50322 Windows Runtime Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50340 Windows Runtime Elevation of Privilege Vulnerability Important 8.5 No No EoP CVE-2026-50410 Windows Runtime Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50449 Windows Runtime Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50460 Windows Runtime Elevation of Privilege Vulnerability Important 8.1 No No EoP CVE-2026-50403 Windows Runtime Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50385 Windows Runtime Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-50413 Windows Runtime Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-50457 Windows Runtime Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50486 Windows Runtime Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50503 Windows Runtime Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-54125 Windows Runtime Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-58527 Windows Runtime Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50373 Windows Search Service Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50679 Windows Search Service Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-44806 Windows Secure Channel Denial of Service Vulnerability Important 5.3 No No DoS CVE-2026-50681 Windows Secure Channel Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-56186 Windows Secure Channel Information Disclosure Vulnerability Important 8.1 No No Info CVE-2026-50367 Windows Sensor Data Service Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-58619 Windows Sensor Data Service Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50311 Windows Server Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50328 Windows Server Update Service (WSUS) Tampering Vulnerability Important 7.5 No No Tampering CVE-2026-58531 Windows SMB Elevation of Privilege Vulnerability Important 7.5 No No EoP CVE-2026-54997 Windows SMB Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-49801 Windows SMB Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-50690 Windows SMB Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-56168 Windows SMB Server Denial of Service Vulnerability Important 6.5 No No DoS CVE-2026-50360 Windows SMB Server Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-57089 Windows SMB Server Network Transport Driver (srvnet.sys) Remote Code Execution Vulnerability Important 7.5 No No RCE CVE-2026-50333 Windows Spaceport.sys Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50298 Windows Spaceport.sys Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-49171 Windows Speech Runtime Elevation of Privilege Vulnerability Important 7.5 No No EoP CVE-2026-49170 Windows StateRepository API Server file Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-58526 Windows Storage Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50299 Windows Storage Spaces Direct Remote Code Execution Vulnerability Important 6.8 No No RCE CVE-2026-57968 Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-57973 Windows Subsystem for Linux (WSL2) Kernel Tampering Vulnerability Important 6.3 No No Tampering CVE-2026-50418 Windows System Secure Feature Bypass Vulnerability Important 5.1 No No SFB CVE-2026-50306 Windows TCP/IP Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50307 Windows TCP/IP Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-49177 Windows TCP/IP Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-50669 Windows Telephony Server Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-54124 Windows Terminal Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-50350 Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-50326 Windows Unified Consent System Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-49790 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability Important 7.3 No No EoP CVE-2026-50498 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-58547 Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability Important 5.5 No No EoP CVE-2026-49794 Windows USB Audio Class Driver Information Disclosure Vulnerability Important 4.6 No No Info CVE-2026-50453 Windows USB Audio Class Driver Information Disclosure Vulnerability Important 6.1 No No Info CVE-2026-58528 Windows USB Audio Class Driver Information Disclosure Vulnerability Important 6.8 No No Info CVE-2026-50321 Windows USB Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50479 Windows USB Hub Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-55000 Windows USB Print Driver Elevation of Privilege Vulnerability Important 6.4 No No EoP CVE-2026-54991 Windows USB Print Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-54996 Windows USB Print Driver Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-49802 Windows USB Print Driver Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-49806 Windows USB Print Driver Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-50674 Windows USB Print Driver Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-49804 Windows USB Video Driver Elevation of Privilege Vulnerability Important 6.6 No No EoP CVE-2026-50454 Windows User Interface Core Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-49176 Windows WalletService Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-49800 Windows Web Proxy Auto-Discovery Protocol (WPAD) Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50480 Windows Web Proxy Auto-Discovery Protocol (WPAD) Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-56173 Windows WebView Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-58632 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-54107 Windows Win32k Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-54986 Windows Win32k Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-54112 Windows Win32k Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-54114 Windows Win32k Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50670 Windows Win32k Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-50688 Windows Win32k Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50687 Windows Win32k Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-56176 Windows Win32k Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-58628 Windows Wireless Network Manager Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-50295 Windows Zero Trust DNS Security Feature Bypass Vulnerability Important 5.5 No No SFB CVE-2026-50509 Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-55945 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Moderate 4.2 No No Info CVE-2026-45488 Microsoft Edge (Chromium-based) Spoofing Vulnerability Moderate 5.4 No No Spoofing CVE-2026-45489 Microsoft Edge (Chromium-based) Spoofing Vulnerability Moderate 6.5 No No Spoofing CVE-2026-55145 Outlook Copilot Tampering Vulnerability Moderate 6.3 No No Tampering CVE-2026-56181 Windows Network Address Translation (NAT) Spoofing Vulnerability Moderate 8.3 No No Spoofing CVE-2026-58597 Microsoft Edge (Chromium-based) Spoofing Vulnerability Low 4.3 No No Spoofing** Indicates this CVEs has already been resolved by Microsoft, and no further action is needed by the end user.
I’ll do my best to summarize everything else in this release, but no promises. I’m only human after all.
Looking at the remaining Critical-rated patches, Office is its own weather system: fourteen Word/Excel/PowerPoint/Office RCEs clustered at CVSS 7.8, plus five Windows Media Foundation RCEs. Outside of the Preview Pane attack vector, they are individually unremarkable; collectively, patch Office and reboot. Always reboot. We’ve already mentioned DHCP some, but DHCP Server can't catch a break. Beyond the one already covered, add CVE-2026-56159, CVE-2026-48564, CVE-2026-50370, and DHCP Client cousin CVE-2026-54128. Five DHCP RCEs in one release. Rounding things out, Print Spooler (CVE-2026-58608), Windows TCP/IP (CVE-2026-54999), and a SQL Server RCE pair (CVE-2026-54117/54118) all receive patches, and all are rated a CVSS 8.8. VE-2026-55944 (Dynamics NAV/Business Central On-Prem RCE, 9.8) is the same deserialization flavor as the SharePoint pair; it’s unauthenticated, network-reachable, and easy to overlook since it's not SharePoint. CVE-2026-48561 (Microsoft Copilot RCE, 9.6) and CVE-2026-50380 (Windows GDI+ RCE, 9.6) round out the near-top tier. Don't forget CVE-2026-55040, a SharePoint Security Feature Bypass (9.1) — patch it in the same pass as the SharePoint RCE pair since it's the same product family. Identity and infrastructure get hit too: CVE-2026-54121 (AD Certificate Services EoP, 8.8) and CVE-2026-50444 (WSUS EoP, 8.8). The obscure Reliable Multicast Transport Driver (RMCAST) takes two RCEs (CVE-2026-54982, CVE-2026-54995), and CVE-2026-50474 gives Remote Desktop Client its own RCE, separate from the RDP one already covered. The rest is a long tail: Defender RCE x2, GDI+ again, Windows Media x2, Secure Kernel Mode EoP x2, and a second Hyper-V EoP. You can consider these “normal” as far as patch cadence goes.
That leaves us with 95 RCE to discuss. I would explain, but there is too much, so let me sum up. CVE-2026-55944 (Dynamics NAV/Business Central On-Prem, 9.8) is the same deserialization flavor as the SharePoint pair: unauthenticated, easy to miss since it's not SharePoint. CVE-2026-54990 (Remote Desktop Client), CVE-2026-49172 (Windows FTP Service), and CVE-2026-50447 (MSMQ) all hit 9.8 too, proof severity labels lag CVSS sometimes. CVE-2026-48561 (Copilot) and CVE-2026-50380 (GDI+) sit at 9.6.
The pattern worth watching: 14 Windows NTFS and 7 ReFS RCEs/ That makes 21 filesystem-driver bugs, an unusually large cluster suggesting a shared root cause. Microsoft Edge (Chromium-based) contributes 21 more that are genuinely Microsoft's to patch, not Chromium re-listing noise. Remote Desktop Client racks up a second and third RCE (CVE-2026-50474, CVE-2026-58594), and Windows Admin Center picks up two (CVE-2026-56196/56197) — WAC exposure keeps creeping into these releases. Exchange Server (CVE-2026-55005) and AD Domain Services (CVE-2026-49178) both land at 8.8.
And because this release wouldn't be complete without it: CVE-2026-50663, an RCE in Age of Empires II: Definitive Edition. Yes, really. Patch your civilization anyway.
There are close to 260 EoP bugs in this month’s release. Microsoft could have just published the EoPs and still had a record-setting month. As usual, most simply lead to local attackers executing their code at SYSTEM-level privileges or administrative privileges, so there’s not much to add without further technical details about the bugs themselves. What’s really frustrating is that 94 have no explicit privilege statement at all. Microsoft just says “elevate privileges” with no detail. By my count, that leaves around 25 bugs to consider. Some don’t elevate at all. The FAQ literally says the attacker just gets “the rights of the user running the affected application.” That covers Win32k, Clip Service, Search Service, MSMQ, and SharePoint. A few get a Low-to-Medium integrity bump. There are also a couple that lead to downgraded service accounts or arbitrary file deletion, but nothing else I’ve seen really stands out too much.
There are 20 Security Feature Bypass (SFB) bugs this month, and it's a genuinely mixed bag. CVE-2026-55040 leads at Critical, CVSS 9.1 as it’s weak authentication in SharePoint Server. Patch it in the same pass as the SharePoint RCE pair since it's the same product. The AI-coding-tool trend continues: GitHub Copilot and Visual Studio Code and Visual Studio all land SFB bugs, mostly injection or path-traversal flavored. BitLocker is this month's lone publicly disclosed bug. It’s not exploited yet, but public disclosure is a countdown clock, not a free pass. It requires physical access, as does the bug in Microsoft XML. The firmware/boot cluster is worth a second look: Secure Boot, Boot Loader, and Key Guard all touch the trust chain below the OS. Meaning, despite a low CVSS score, “if this fails, nothing above it can be trusted” stakes. Rounding out the SFB patches, there are two .NET SFBs, two Windows Kernel SFBs, and a DNS/Cryptographic Services bringing up the rear.
The July release includes 31Spoofing bugs this month, and we’ve already covered the most important (Exchange). SharePoint Server accounts for another ten with almost all the same root cause: stored XSS letting an authenticated attacker spoof content in the browser. Microsoft Edge (Chromium-based) contributes fifteen more spanning access-control failures, SSRF, type confusion, and UI misrepresentation. All genuinely Microsoft's to patch, not re-listed Chromium noise. The remaining six round out the usual suspects: a Windows NAT spoofing bug reachable from an adjacent network, a Bing app flaw on iOS, a PowerBI Report Server XSS issue, a .NET output-encoding bug, and an AD FS spoofing flaw. None publicly disclosed, none exploited, but with SharePoint's history this year, don't let "just Spoofing" lull you into deprioritizing the patch cycle.
Of 111 Information Disclosure bugs, the overwhelming majority of these simply result in info leaks consisting of unspecified memory contents or memory addresses. GitHub Copilot is the standout. Here, the bug insufficiently protected credentials, meaning actual secrets leak, not memory scraps. The Windows Admin Center flaw discloses data via improper authentication. A management console leaking to an unauthorized party is a bigger deal than it sounds. SharePoint uses SSRF to pull data server-side, and the Event Logging Service is a protection-mechanism failure, not a memory bug at all. Edge picks up three genuinely file-system-flavored disclosures — improper authorization, files/directories accessible to external parties, and link-following — plus Edge for Android exposing “private personal information” twice and two path-traversal bugs. The remaining 40+ are mostly one-line “exposure of sensitive information to an unauthorized actor” entries scattered across File Explorer, Push Notifications, Cryptographic Services, and Win32k.
Only 8 Tampering bugs this month, the smallest bucket, but a couple stand out. The top of the list is a WSUS bug, caused by an uncaught exception that lets an unauthenticated attacker tamper with the update service over the network. That’s your patch-management infrastructure itself being the target, which always deserves extra attention. Windows CNG (the crypto API) picks up a missing-cryptographic-step flaw, and Windows DNS Client shows up three separate times across the list, twice for improper access control and once for missing authentication on a critical function. DNS resolution having this many tampering paths in one release is worth flagging as a pattern rather than three unrelated bugs. The one genuinely different entry is Outlook Copilot, described simply as vulnerable to “malicious uses” enabling tampering over the network. That’s a fantastically vague phrasing for an AI-assistant feature, continuing this year's running theme of Copilot-branded features showing up somewhere in every release. Finally, a .NET link-following bug and a WSL2 kernel race condition receive patches. Both require local/authorized access to trigger.
Still with me? Good, because we have 35 DoS bugs to cover, and this is really an identity-infrastructure story more than a grab-bag. Active Directory Federation Services alone accounts for seven of them, all sitting at CVSS 7.5, all stack-based buffer overflows or infinite loops that let an unauthenticated attacker knock the service over the network. The .NET ecosystem is the other big cluster: .NET, .NET Framework, and ASP.NET Core/OData contribute nine bugs combined, almost all “allocation of resources without limits or throttling”. HTTP.sys and HTTP/2 pick up the same flavor. LSASS shows up twice, which is always worth a second look given what that process actually holds. Rounding out the list are patches for Windows DHCP Server, SMB Server, Secure Channel, Hyper-V, and IKE Protocol each take a single hit, mostly requiring authorized or adjacent-network access rather than being wide open to the internet.
No new advisories are being released this month.
Looking Ahead
The next Patch Tuesday will be on August 11, just after Hacker Summer Camp in sunny Las Vegas. Should I survive the heat, I’ll be back then to give you my full thoughts on the release – no matter how large it may be. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!
Microsoft’s July 2026 Patch Tuesday delivers fixes for approximately 570 vulnerabilities across its product ecosystem, following June’s record-breaking release of 206 flaws that also included three publicly disclosed zero-days. This massive patch follows the recent Microsoft update on artificial intelligence in vulnerability discovery, deploying a proprietary multi-model agentic scanning system across the Windows codebase CVE […]
The post Massive Microsoft Patch Tuesday Update: 570 Vulnerabilities Fixed, Including 3 Zero-Days appeared first on Cyber Security News.
SonicWall has fixed two actively exploited vulnerabilities (CVE-2026-15409, CVE-2026-15410) affecting its Secure Mobile Access (SMA) 1000 Series appliances, and is urging customer organizations to upgrade to a fixed firmare version and search for evidence of potential compromise. If the outlined indicators of compromise are present on the system, the company advises re-imaging (hardware) or re-deploying (virtual) appliances, changing user and administrator passwords, and resetting TOTP tokens. The vulnerabilities SonicWall SMA 1000 series appliances are secure … More →
The post SonicWall SMA appliances targeted in zero-day attacks (CVE-2026-15409, CVE-2026-15410) appeared first on Help Net Security.
Fortinet disclosed seven new security advisories on July 14, 2026, affecting FortiOS, FortiProxy, FortiPAM, and FortiSandbox. The flaws range from low-severity header injection bugs to medium-severity buffer overflows and a notably concerning unauthenticated VNC exposure in FortiSandbox. While none carry a critical rating, several affect widely deployed enterprise firewall and proxy versions, making prompt patching […]
The post Fortinet Patches Seven Vulnerabilities Across FortiOS, FortiProxy, FortiPAM, and FortiSandbox appeared first on Cyber Security News.
Threat actors are increasingly exploiting spoofed OAuth client IDs to enumerate Microsoft Entra ID accounts and identify potentially valid credentials while evading traditional detection methods, according to recent research from Proofpoint. OAuth client IDs are globally unique identifiers assigned to registered applications. During authentication, an application submits its identifier through the client_id parameter. Microsoft Entra […]
The post Hackers Spoof 3.7 Million OAuth Client IDs to Stealthily Enumerate 2 Million Entra ID Users appeared first on Cyber Security News.