Normal view

There are new articles available, click to refresh the page.

Before yesterdayRapid7 Cybersecurity Blog

Rapid7 Cybersecurity Blog
Beyond the Score: Using AI to Translate CVEs into Real-World Business Risk 15 June 2026 at 10:44

Beyond the Score: Using AI to Translate CVEs into Real-World Business Risk

By: Rapid7

15 June 2026 at 10:44

Security leaders rarely struggle to gather data, but they often struggle to turn that data into something clear and meaningful for the business. In a typical week, a CISO might receive a report listing hundreds or even thousands of vulnerabilities, most of them accompanied by CVSS scores that make the entire list look urgent, while also managing the wider set of operational, regulatory, and strategic demands that already come with the role.

That difficulty becomes more obvious when the same information has to be carried into the boardroom, where the questions are rarely about CVE IDs or exploit counts in isolation. What leadership wants to understand is whether the organization’s revenue, uptime, legal exposure, or broader resilience could be affected, and how quickly those risks need to be addressed.

This is where many security programs lose momentum, because the technical view of severity does not always line up neatly with the business view of consequence. Bridging that gap has traditionally been slow, manual work, which is one reason AI is starting to matter more in vulnerability management: it can help translate technical findings into business context that is clearer, faster to act on, and easier for leadership to understand.

Why CVSS alone does not reflect real-world business risk

For years, the industry has relied on CVSS as a quick way to judge urgency, and while the framework does account for factors such as attack vector, attack complexity, and other attack requirements, the score is still calculated in isolation and often misses the conditions that shape real risk inside an organization. A CVSS 9.8 vulnerability affecting a legacy printer in a segmented branch office may look critical on paper, but it is unlikely to carry the same business impact as a 7.5 vulnerability affecting an internet-facing database that holds sensitive customer data.

One of the long-standing weaknesses of static scoring is that it tells you how severe a flaw may be in theory, but not how much disruption it could cause in your own environment, how exposed the affected asset is, or how closely it is tied to a revenue-generating or business-critical process. That is where AI becomes more useful, because it can add the missing context that helps security teams judge not just how serious a vulnerability looks, but how much it matters in practice.

Machine learning models can now process a much broader set of inputs, including attacker activity, exploit availability, internal network topology, and the business value attached to the asset or process involved. Rather than leaving teams with a static queue of scores, that creates a live view of risk shaped by reachability, exposure, and business consequence, making it easier to separate technical severity from actual organizational risk.

How AI helps connect vulnerabilities to business impact

One of the more practical ways AI can improve vulnerability management is by helping security teams connect technical findings to the parts of the business they actually affect. A vulnerability tied to an obscure IP address may not mean much on its own, but the picture changes quickly when that asset is identified as part of a regional payment system, a customer-facing portal, or a supply chain application the business depends on. That kind of asset attribution has traditionally taken time, context, and manual investigation. AI can help shorten that process by linking technical findings to business function much more quickly.

Instead of relying only on severity scores or yesterday’s alerts, AI can weigh a broader set of signals, including exploit activity, attacker behavior, asset exposure, and internal topology, which gives security teams a more grounded way to judge where risk is most likely to become operationally significant. The benefit is not simply speed, but a clearer picture of which vulnerabilities are most likely to affect revenue, uptime, or business continuity if they are left unresolved.

At the leadership level, this same approach can help turn a large volume of technical output into something more usable. Rather than forcing CISOs to manually translate thousands of low-level alerts into board-facing language, AI can support that reporting by summarizing likely business impact, highlighting where exposure is growing, and making it easier to explain how remediation work is reducing financial and operational risk.

Two vulnerabilities, two very different business outcomes

To see how this plays out in practice, it helps to compare two vulnerabilities that might appear similarly urgent in a standard scanner, but look very different once business context is added.

Vulnerability A: The ghost in the machine

A scanner flags a CVSS 9.8 critical remote code execution flaw in an aging media server. On paper, that score suggests immediate attention. Once more context is added, the picture changes. The asset sits on a segmented guest Wi-Fi VLAN, has no path to the corporate core, and has not been linked to in-the-wild exploitation for more than two years. In practical terms, the business impact is low. The issue still needs to be addressed, but it is unlikely to justify urgent remediation ahead of higher-consequence exposures.

Vulnerability B: The quiet threat

A second finding carries a lower CVSS 7.2 high severity score, but affects a common web framework running on the organization’s primary customer portal. When AI correlates that vulnerability with asset and business context, the risk profile changes quickly. The portal is identified as a critical business process, estimated to support $250,000 in transactions per hour, while external signals point to growing exploit interest around the same framework. In that case, the business impact is far more serious. What looks like a lower-priority technical issue becomes a potential source of revenue disruption measured in millions per day.

This is where AI-assisted prioritization becomes useful. It helps teams move beyond the assumption that the highest score always deserves the fastest response and instead focus on the vulnerabilities most likely to create operational or financial harm. In practice, that means spending less time working through a queue in score order and more time reducing the exposures that matter most to the business.

How AI helps CISOs explain vulnerability risk in business terms

When security leaders can move beyond reporting how many patches were deployed and begin showing how exposure is changing in financial or operational terms, the conversation becomes much more useful. A reduction in mean time to remediate may matter to a security team, but it carries more weight at the leadership level when it is tied to a lower likelihood of downtime, reduced regulatory exposure, or less risk to a revenue-generating service.

When vulnerability data is tied to business context, it becomes easier to justify automation, tooling, or headcount based on their contribution to resilience, continuity, and measurable risk reduction, rather than on activity alone. At that level, the conversation is less about severity scores and more about what is exposed, what it could affect, and where action matters most.

One of the more practical benefits of AI is that it can help security teams explain risk in a way leadership can act on. Instead of adding another layer of technical output, it can support clearer reporting on why one issue matters more than another, what is most likely to affect the business, and where action should come first.

As attack surfaces expand and exploit timelines continue to shrink, the gap between technical findings and business understanding will only become harder to manage. Organizations that can connect those two views more effectively will be in a much stronger position to prioritize the right work, explain risk more clearly, and make vulnerability management a more meaningful part of business decision-making.

Rapid7 Cybersecurity Blog
Patch Tuesday - June 2026 9 June 2026 at 17:04

Patch Tuesday - June 2026

Rapid7 Cybersecurity Blog

By: Adam Barnett

9 June 2026 at 17:04

Microsoft is publishing 200 vulnerabilities on June 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild for any of these vulnerabilities, and is aware of public disclosure for three. This is similar to last month’s Patch Tuesday, however several of last month’s vulnerabilities ended up on CISA KEV in the days following their publication. So far this month, Microsoft has provided patches to address 360 browser vulnerabilities, which is an order of magnitude more than has been typical in any given month over the past few years. As usual, browser vulns are not included in the Patch Tuesday count above. Indeed, the vast, and presumably sustained, uptick in the number of browser vulnerabilities has led to Microsoft no longer enumerating Chromium CVEs in the Security Update Guide. Other vulnerability categories, especially Linux kernel vulnerabilities, are seeing a similar increase in AI-assisted vulnerability reports.

What's the opposite of coordinated disclosure?

In recent weeks, an independent vulnerability researcher going by the pseudonym Nightmare Eclipse has attracted significant attention by publishing details of six Microsoft vulnerabilities, including elevation of privilege vulnerabilities in Defender, and a Secure Boot disk encryption bypass. The researcher provided full proof-of-concept code for some, and provided significant-but-incomplete detail around the path to exploitation for others. Microsoft has confirmed that these disclosures were not coordinated, and it is clear that the relationship between this researcher and Microsoft is less than cordial. Two of the disclosures emerged in the hours after last month’s Patch Tuesday, which provides maximum visibility, while limiting Microsoft’s ability to respond without out-of-cycle patches.

At time of writing, Microsoft has provided mitigation advice and patches for CVE-2026-33825, CVE-2026-45585, CVE-2026-45498, and CVE-2026-41091, leaving only two elevation of privilege vulnerabilities unpatched, known as MiniPlasma and GreenPlasma. However, a recent blog post by Nightmare Eclipse with the title “7” has been widely interpreted to mean that there is at least one more vulnerability to come. The post contained no content other than an image of Albert Vesker, a character from the Resident Evil video game series who formerly worked as a researcher for a technology corporation before going rogue. Any inference around the possible meaning of the image is left as an exercise for the reader.

Given the timing of last month’s disclosures in the hours following Patch Tuesday, a further high-friction disclosure today would perhaps be unsurprising. Indeed, a new blog post and a new GitHub account from the same researcher have emerged in the hours following Microsoft’s publication of the June 2026 Patch Tuesday updates. The apparent seventh disclosure is nicknamed RoguePlanet, and appears to describe another elevation of privilege to SYSTEM in Defender.

It is not at all difficult to understand why Microsoft and many blue team practitioners are deeply alarmed by the partial or even full disclosure of proof-of-concept code for an ongoing series of vulnerabilities affecting fully-patched Windows systems. However, multiple leading voices in the broader vulnerability disclosure community have expressed concern that Microsoft’s invocation of the Digital Crimes Unit in a May 27, 2026 blog post may yet prove counterproductive, especially if it causes other researchers to back away from mutually beneficial engagements with MSRC. A few days later, MSRC issued a further statement clarifying that they have no intention of pursuing action against security researchers, but only those who break the law or engage in malicious activity causing real harm. For now, one safe conclusion is that this unusually sensational Microsoft vulnerability management story arc is far from over.

HTTP/2: denial of service

Every so often, a new round of denial of service vulnerabilities emerge which affect web servers implementing HTTP/2 and HTTP/3 standards. This class of vulnerabilities is likely to expand further as researchers, including the discoverers of CVE-2026-49160, use advances in LLM capability to probe not just specific software, but also the standards on which software rests. Microsoft warns that exploitation leads to uncontrolled resource consumption over a network, and expects that exploitation is more likely. The advisory credits both a third-party research firm and OpenAI’s Codex.

Microsoft has not yet directly addressed another HTTP/2 vulnerability which allows trivial denial-of-service against the default HTTP/2 configuration of multiple web server platforms, including Microsoft IIS. CVE-2026-49975, also known as HTTP/2 Bomb, became public knowledge a week ago. This denial of service works by exhausting memory on the target server, and unlike a distributed denial of service attack, there is no requirement that an attacker control a large amount of bandwidth. Patches are available for NGINX and Apache, with IIS presumably to follow at some point. If practically possible, disabling HTTP/2 is a valid mitigation.

PowerToys: SYSTEM EoP

The Microsoft PowerToys utility provides a wide variety of useful control and configuration options for Windows power users which aren’t otherwise easily accessible. It turns out that PowerToys also offers an undocumented extra: local elevation of privilege to SYSTEM via successful exploitation of CVE-2026-42902. It is worth noting that the fix was included in PowerToys v0.99.1 on April 29, 2026, without any apparent mention in the release notes. Attackers with patch-diffing toolkits may well take note of this discrepancy.

Microsoft lifecycle update

There are no significant Microsoft product lifecycle changes this month. SQL Server 2016 moves beyond regular extended support and into the pay-to-play Extended Security Updates (ESU) phase after July 14, 2026. On that same date, SharePoint 2016 and 2019 will also move past extended support, but since there’s no ESU available, the only remaining option for fully-supported self-hosted SharePoint after the middle of next month will be SharePoint Subscription Edition.

Summary charts

Vulnerabilities by Product Family

Apps vulnerabilities

CVE	Title	Exploitation status	Publicly disclosed?	CVSS v3 base score
CVE-2026-45650	Microsoft Bing Search Spoofing Vulnerability	Exploitation Less Likely	No	4.3
CVE-2026-49161	Microsoft PC Manager Security Feature Bypass Vulnerability	Exploitation Unlikely	No	7.8
CVE-2026-42902	Microsoft PowerToys Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-45649	Office for Android Spoofing Vulnerability	Exploitation Unlikely	No	7.1
CVE-2026-44803	Windows Graphics Component Remote Code Execution Vulnerability	Exploitation More Likely	No	7.8
CVE-2026-44812	Windows Graphics Component Remote Code Execution Vulnerability	Exploitation More Likely	No	7.8

Azure vulnerabilities

CVE	Title	Exploitation status	Publicly disclosed?	CVSS v3 base score
CVE-2026-32193	Azure Kubernetes Service (AKS) Remote Code Execution Vulnerability	Exploitation Unlikely	No	8.8
CVE-2026-47643	Azure Stack Edge Remote Code Execution Vulnerability	Exploitation Unlikely	No	9.8
CVE-2026-41098	Azure Stack Edge Spoofing Vulnerability	Exploitation Less Likely	No	8.4

Developer Tools vulnerabilities

CVE	Title	Exploitation status	Publicly disclosed?	CVSS v3 base score
CVE-2026-45490	.NET SDK Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-45491	.NET Tampering Vulnerability	Exploitation Unlikely	No	6.2
CVE-2026-45591	ASP.NET Core Denial of Service Vulnerability	Exploitation Less Likely	No	7.5
CVE-2026-45644	Microsoft Live Share Canvas SDK Elevation of Privilege Vulnerability	Exploitation Less Likely	No	8.0
CVE-2026-45482	Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability	Exploitation Less Likely	No	8.4
CVE-2026-40376	Visual Studio Code Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.5
CVE-2026-47281	Visual Studio Code Elevation of Privilege Vulnerability	Exploitation Unlikely	No	9.6
CVE-2026-47284	Visual Studio Code Information Disclosure Vulnerability	Exploitation Less Likely	No	6.5
CVE-2026-47292	Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-48569	Visual Studio Code Security Feature Bypass Vulnerability	Exploitation Less Likely	No	7.1
CVE-2026-47287	Visual Studio Code Tampering Vulnerability	Exploitation Less Likely	No	6.5

ESU vulnerabilities

CVE	Title	Exploitation status	Publicly disclosed?	CVSS v3 base score
CVE-2025-10263	ARM: CVE-2025-10263 Completion of affected memory accesses might not be guaranteed by completion of a TLBI [kernel]	Exploitation Less Likely	No	9.3
CVE-2026-44815	DHCP Client Service Remote Code Execution Vulnerability	Exploitation Less Likely	No	9.8
CVE-2026-49160	HTTP.sys Denial of Service Vulnerability	Exploitation More Likely	Yes	7.5
CVE-2026-47291	HTTP.sys Remote Code Execution Vulnerability	Exploitation More Likely	No	9.8
CVE-2026-45642	Microsoft Azure Attestation service and Device Health Attestation Service Spoofing Vulnerability	Exploitation Less Likely	No	3.9
CVE-2026-45637	Microsoft DWM Core Library Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-45504	Microsoft Exchange Server Elevation of Privilege Vulnerability	Exploitation Unlikely	No	8.8
CVE-2026-45502	Microsoft Exchange Server Information Disclosure Vulnerability	Exploitation Unlikely	No	5.0
CVE-2026-45503	Microsoft Exchange Server Information Disclosure Vulnerability	Exploitation Unlikely	No	8.1
CVE-2026-45583	Microsoft Exchange Server Remote Code Execution Vulnerability	Exploitation Less Likely	No	7.5
CVE-2026-45500	Microsoft Exchange Server Spoofing Vulnerability	Exploitation Less Likely	No	6.1
CVE-2026-45501	Microsoft Exchange Server Spoofing Vulnerability	Exploitation Less Likely	No	6.5
CVE-2026-47631	Microsoft Exchange Server Spoofing Vulnerability	Exploitation Less Likely	No	8.1
CVE-2026-42986	Microsoft Graphics Component Elevation of Privilege Vulnerability	Exploitation More Likely	No	7.8
CVE-2026-41092	Microsoft Kinect Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-45606	Microsoft UxTheme Library (uxtheme.dll) Denial of Service Vulnerability	Exploitation Less Likely	No	5.5
CVE-2026-42980	NT OS Kernel Elevation of Privilege Vulnerability	Exploitation More Likely	No	7.8
CVE-2026-42916	NT OS Kernel Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-47289	Remote Desktop Client Remote Code Execution Vulnerability	Exploitation Less Likely	No	8.8
CVE-2026-47653	Remote Desktop Client Remote Code Execution Vulnerability	Exploitation Unlikely	No	8.8
CVE-2026-48563	Remote Desktop Client Remote Code Execution Vulnerability	Exploitation Less Likely	No	7.5
CVE-2026-42909	Remote Desktop Client Remote Code Execution Vulnerability	Exploitation Unlikely	No	7.5
CVE-2026-42992	Remote Desktop Client Remote Code Execution Vulnerability	Exploitation Less Likely	No	7.5
CVE-2026-44799	Remote Desktop Client Remote Code Execution Vulnerability	Exploitation Less Likely	No	7.5
CVE-2026-44801	Remote Desktop Client Remote Code Execution Vulnerability	Exploitation Less Likely	No	7.5
CVE-2026-42985	Remote Desktop Client Remote Code Execution Vulnerability	Exploitation More Likely	No	8.8
CVE-2026-42993	Remote Desktop Client Remote Code Execution Vulnerability	Exploitation Less Likely	No	7.5
CVE-2026-45588	Secure Boot Security Feature Bypass Vulnerability	Exploitation Less Likely	No	7.9
CVE-2026-48568	Secure Boot Security Feature Bypass Vulnerability	Exploitation Less Likely	No	7.9
CVE-2026-48570	Secure Boot Security Feature Bypass Vulnerability	Exploitation Less Likely	No	7.9
CVE-2026-48573	Secure Boot Security Feature Bypass Vulnerability	Exploitation Less Likely	No	7.9
CVE-2026-48575	Secure Boot Security Feature Bypass Vulnerability	Exploitation Less Likely	No	7.9
CVE-2026-48576	Secure Boot Security Feature Bypass Vulnerability	Exploitation Less Likely	No	7.9
CVE-2026-48578	Secure Boot Security Feature Bypass Vulnerability	Exploitation Less Likely	No	7.9
CVE-2026-45656	UEFI Secure Boot Security Feature Bypass Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-8863	UEFI Secure Boot Security Feature Bypass Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-34335	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Exploitation Unlikely	No	7.0
CVE-2026-45601	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.0
CVE-2026-45598	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.0
CVE-2026-45596	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.0
CVE-2026-45638	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-45603	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.0
CVE-2026-42911	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.0
CVE-2026-45594	Windows Application Identity (AppID) Information Disclosure Vulnerability	Exploitation Less Likely	No	5.5
CVE-2026-45655	Windows BitLocker Security Feature Bypass Vulnerability	Exploitation Less Likely	No	5.3
CVE-2026-45658	Windows BitLocker Security Feature Bypass Vulnerability	Exploitation More Likely	No	7.8
CVE-2026-50507	Windows BitLocker Security Feature Bypass Vulnerability	Exploitation More Likely	Yes	6.8
CVE-2026-45640	Windows Bluetooth Port Driver Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.0
CVE-2026-45605	Windows Bluetooth Service Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-47656	Windows Boot Manager Security Feature Bypass Vulnerability	Exploitation Less Likely	No	7.9
CVE-2026-45586	Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege Vulnerability	Exploitation More Likely	Yes	7.8
CVE-2026-42987	Windows Deployment Services (WDS) Remote Code Execution	Exploitation Less Likely	No	8.1
CVE-2026-33828	Windows Device Health Attestation (DHA) Elevation of Privilege Vulnerability	Exploitation Unlikely	No	7.8
CVE-2026-45634	Windows DHCP Client Information Disclosure Vulnerability	Exploitation Unlikely	No	5.5
CVE-2026-45608	Windows DHCP Client Information Disclosure Vulnerability	Exploitation Unlikely	No	6.8
CVE-2026-41108	Windows DNS Client Elevation of Privilege Vulnerability	Exploitation Unlikely	No	7.0
CVE-2026-42905	Windows DWM Core Library Elevation of Privilege Vulnerability	Exploitation More Likely	No	7.8
CVE-2026-42983	Windows DWM Core Library Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-44802	Windows DWM Core Library Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-45602	Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability	Exploitation Less Likely	No	9.1
CVE-2026-42836	Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.0
CVE-2026-44803	Windows Graphics Component Remote Code Execution Vulnerability	Exploitation More Likely	No	7.8
CVE-2026-44812	Windows Graphics Component Remote Code Execution Vulnerability	Exploitation More Likely	No	7.8
CVE-2026-42972	Windows Hyper-V Information Disclosure Vulnerability	Exploitation Less Likely	No	5.5
CVE-2026-45607	Windows Hyper-V Remote Code Execution Vulnerability	Exploitation Less Likely	No	8.4
CVE-2026-45641	Windows Hyper-V Remote Code Execution Vulnerability	Exploitation Less Likely	No	8.4
CVE-2026-45592	Windows Internet (wininet.dll) Elevation of Privilege Vulnerability	Exploitation Unlikely	No	7.8
CVE-2026-42903	Windows Kerberos Denial of Service Vulnerability	Exploitation Unlikely	No	6.5
CVE-2026-42914	Windows Kerberos Denial of Service Vulnerability	Exploitation Less Likely	No	5.3
CVE-2026-47288	Windows Kerberos Key Distribution Center (KDC) Remote Code Execution	Exploitation Unlikely	No	7.1
CVE-2026-48583	Windows Kernel Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-45653	Windows Kernel Elevation of Privilege Vulnerability	Exploitation Unlikely	No	7.0
CVE-2026-42984	Windows Kernel Elevation of Privilege Vulnerability	Exploitation Unlikely	No	7.0
CVE-2026-45595	Windows Mark of the Web Security Feature Bypass Vulnerability	Exploitation Less Likely	No	5.4
CVE-2026-48574	Windows Media Remote Code Execution Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-45636	Windows NTFS Remote Code Execution Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-50508	Windows NTLM Spoofing Vulnerability	Exploitation More Likely	No	6.5
CVE-2026-45487	Windows Program Compatibility Assistant Service Elevation of Privilege Vulnerability	Exploitation Unlikely	No	7.8
CVE-2026-42828	Windows Projected File System Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-42837	Windows Projected File System Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-42969	Windows Push Notification Information Disclosure Vulnerability	Exploitation Unlikely	No	5.5
CVE-2026-42971	Windows Push Notification Information Disclosure Vulnerability	Exploitation Less Likely	No	5.5
CVE-2026-42970	Windows Push Notification Information Disclosure Vulnerability	Exploitation Less Likely	No	5.5
CVE-2026-42973	Windows Push Notification Information Disclosure Vulnerability	Exploitation Less Likely	No	5.5
CVE-2026-42978	Windows Push Notifications Elevation of Privilege Vulnerability	Exploitation Unlikely	No	7.8
CVE-2026-42977	Windows Push Notifications Elevation of Privilege Vulnerability	Exploitation Unlikely	No	7.8
CVE-2026-42979	Windows Push Notifications Elevation of Privilege Vulnerability	Exploitation Unlikely	No	7.8
CVE-2026-42991	Windows Push Notifications Elevation of Privilege Vulnerability	Exploitation Unlikely	No	7.8
CVE-2026-45639	Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability	Exploitation Less Likely	No	7.5
CVE-2026-42908	Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability	Exploitation Less Likely	No	7.5
CVE-2026-45593	Windows SDK Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-42906	Windows Shell Information Disclosure Vulnerability	Exploitation Less Likely	No	5.5
CVE-2026-42907	Windows Shell Information Disclosure Vulnerability	Exploitation Less Likely	No	6.5
CVE-2026-47648	Windows Storage Elevation of Privilege Vulnerability	Exploitation Unlikely	No	7.0
CVE-2026-42915	Windows TCP/IP Denial of Service Vulnerability	Exploitation Less Likely	No	5.7
CVE-2026-42904	Windows TCP/IP Elevation of Privilege Vulnerability	Exploitation Unlikely	No	9.6
CVE-2026-42968	Windows Telephony Server Information Disclosure Vulnerability	Exploitation Less Likely	No	5.5
CVE-2026-42912	Windows Telephony Service Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.0
CVE-2026-40409	Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-40404	Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-45599	Windows UPnP Device Host Remote Code Execution Vulnerability	Exploitation Less Likely	No	8.1
CVE-2026-45635	Windows UPnP Device Host Remote Code Execution Vulnerability	Exploitation Less Likely	No	8.1
CVE-2026-42989	Winlogon Elevation of Privilege Vulnerability	Exploitation More Likely	No	7.8

Mariner vulnerabilities

CVE	Title	Exploitation status	Publicly disclosed?	CVSS v3 base score
CVE-2026-40930	LIBPNG: Chunk smuggling in push-mode APNG parser via unconsumed chunk body	n/a	No	5.4

Microsoft Dynamics vulnerabilities

CVE	Title	Exploitation status	Publicly disclosed?	CVSS v3 base score
CVE-2026-40371	Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability	Exploitation Less Likely	No	8.8

Microsoft Office vulnerabilities

CVE	Title	Exploitation status	Publicly disclosed?	CVSS v3 base score
CVE-2026-44822	Microsoft Excel Information Disclosure Vulnerability	Exploitation Unlikely	No	8.2
CVE-2026-45455	Microsoft Excel Information Disclosure Vulnerability	Exploitation Less Likely	No	3.3
CVE-2026-45469	Microsoft Excel Remote Code Execution Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-44817	Microsoft Excel Remote Code Execution Vulnerability	Exploitation Unlikely	No	7.8
CVE-2026-44818	Microsoft Excel Remote Code Execution Vulnerability	Exploitation Less Likely	No	7.0
CVE-2026-44820	Microsoft Excel Remote Code Execution Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-44823	Microsoft Excel Remote Code Execution Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-45459	Microsoft Excel Security Feature Bypass Vulnerability	Exploitation Less Likely	No	3.3
CVE-2026-47293	Microsoft Office Click-To-Run Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.0
CVE-2026-45485	Microsoft Office Information Disclosure Vulnerability	Exploitation Less Likely	No	3.3
CVE-2026-44821	Microsoft Office Information Disclosure Vulnerability	Exploitation Less Likely	No	5.5
CVE-2026-45460	Microsoft Office Information Disclosure Vulnerability	Exploitation Unlikely	No	4.7
CVE-2026-45483	Microsoft Office Project Server Spoofing Vulnerability	Exploitation Less Likely	No	4.6
CVE-2026-45475	Microsoft Office Remote Code Execution Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-45472	Microsoft Office Remote Code Execution Vulnerability	Exploitation Less Likely	No	8.4
CVE-2026-45474	Microsoft Office Remote Code Execution Vulnerability	Exploitation Less Likely	No	8.4
CVE-2026-44819	Microsoft Office Remote Code Execution Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-44824	Microsoft Office Remote Code Execution Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-45461	Microsoft Office Remote Code Execution Vulnerability	Exploitation Less Likely	No	8.4
CVE-2026-45645	Microsoft Office Remote Code Execution Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-45463	Microsoft Office Remote Code Execution Vulnerability	Exploitation Less Likely	No	8.4
CVE-2026-45456	Microsoft Outlook and Word Remote Code Execution Vulnerability	Exploitation Less Likely	No	8.4
CVE-2026-45458	Microsoft Outlook and Word Remote Code Execution Vulnerability	Exploitation Less Likely	No	8.4
CVE-2026-47635	Microsoft Outlook and Word Remote Code Execution Vulnerability	Exploitation Less Likely	No	8.4
CVE-2026-45484	Microsoft SharePoint Elevation of Privilege Vulnerability	Exploitation Less Likely	No	8.8
CVE-2026-45454	Microsoft SharePoint Remote Code Execution Vulnerability	Exploitation Less Likely	No	6.5
CVE-2026-47298	Microsoft SharePoint Server Remote Code Execution Vulnerability	Exploitation Less Likely	No	8.0
CVE-2026-45467	Microsoft SharePoint Server Spoofing Vulnerability	Exploitation Less Likely	No	4.6
CVE-2026-45468	Microsoft SharePoint Server Spoofing Vulnerability	Exploitation Less Likely	No	4.6
CVE-2026-45479	Microsoft SharePoint Server Spoofing Vulnerability	Exploitation Less Likely	No	4.6
CVE-2026-45453	Microsoft SharePoint Server Spoofing Vulnerability	Exploitation Less Likely	No	5.4
CVE-2026-47636	Microsoft SharePoint Server Spoofing Vulnerability	Exploitation Less Likely	No	5.4
CVE-2026-47637	Microsoft SharePoint Server Spoofing Vulnerability	Exploitation Less Likely	No	4.6
CVE-2026-47638	Microsoft SharePoint Server Spoofing Vulnerability	Exploitation Less Likely	No	4.6
CVE-2026-47639	Microsoft SharePoint Server Spoofing Vulnerability	Exploitation Unlikely	No	5.4
CVE-2026-47641	Microsoft SharePoint Server Spoofing Vulnerability	Exploitation Less Likely	No	4.6
CVE-2026-33113	Microsoft SharePoint Server Spoofing Vulnerability	Exploitation Less Likely	No	5.4
CVE-2026-45462	Microsoft SharePoint Server Spoofing Vulnerability	Exploitation Less Likely	No	4.6
CVE-2026-45464	Microsoft SharePoint Server Spoofing Vulnerability	Exploitation Less Likely	No	5.4
CVE-2026-45465	Microsoft SharePoint Server Spoofing Vulnerability	Exploitation Less Likely	No	5.4
CVE-2026-47634	Microsoft SharePoint Server Spoofing Vulnerability	Exploitation More Likely	No	7.3
CVE-2026-47640	Microsoft SharePoint Server Spoofing Vulnerability	Exploitation Unlikely	No	4.6
CVE-2026-45481	Microsoft SharePoint Server Spoofing Vulnerability	Exploitation More Likely	No	7.3
CVE-2026-48560	Microsoft SharePoint Server Spoofing Vulnerability	Exploitation Less Likely	No	5.4
CVE-2026-48562	Microsoft SharePoint Server Spoofing Vulnerability	Exploitation Less Likely	No	4.6
CVE-2026-42835	Microsoft Teams for Android Information Disclosure Vulnerability	Exploitation Less Likely	No	8.1
CVE-2026-45466	Microsoft Word Information Disclosure Vulnerability	Exploitation Unlikely	No	3.3
CVE-2026-45471	Microsoft Word Remote Code Execution Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-45486	Microsoft Word Remote Code Execution Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-45643	Microsoft Word Remote Code Execution Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-45457	Microsoft Word Remote Code Execution Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-45649	Office for Android Spoofing Vulnerability	Exploitation Unlikely	No	7.1
CVE-2026-44803	Windows Graphics Component Remote Code Execution Vulnerability	Exploitation More Likely	No	7.8
CVE-2026-44812	Windows Graphics Component Remote Code Execution Vulnerability	Exploitation More Likely	No	7.8

Open Source Software vulnerabilities

CVE	Title	Exploitation status	Publicly disclosed?	CVSS v3 base score
CVE-2026-11463	USCiLab Cereal Shared Pointer type confusion	n/a	No	7.3
CVE-2026-49975	Apache HTTP Server: mod_http2 denial of service	n/a	No	7.5
CVE-2026-50265	Rejected reason: This CVE ID was assigned as a duplicate of CVE-2026-50292	n/a	No	5.3
CVE-2026-40930	LIBPNG: Chunk smuggling in push-mode APNG parser via unconsumed chunk body	n/a	No	5.4
CVE-2026-10879	DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders	n/a	No	8.6
CVE-2026-50261	Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in syncchangecounter()	n/a	No	7.8
CVE-2026-50256	Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libxfont2 name length mismatch	n/a	No	7.8
CVE-2026-50262	Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in glx changedrawableattributes	n/a	No	5.5
CVE-2026-50260	Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in freecounter()	n/a	No	6.6
CVE-2026-50259	Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb setmap request via mapwidths indexing	n/a	No	7.8
CVE-2026-50257	Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in misyncdestroyfence()	n/a	No	6.6
CVE-2026-50258	Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb key types due to unchecked shift levels	n/a	No	7.8
CVE-2026-50263	Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free information disclosure in createsaverwindow()	n/a	No	5.5

Other vulnerabilities

CVE	Title	Exploitation status	Publicly disclosed?	CVSS v3 base score
CVE-2026-45476	Microsoft Azure Network Adapter Elevation of Privilege Vulnerability	Exploitation Less Likely	No	8.2
CVE-2026-26142	Nuance PowerScribe Remote Code Execution Vulnerability	Exploitation Less Likely	No	9.8

Server Software vulnerabilities

CVE	Title	Exploitation status	Publicly disclosed?	CVSS v3 base score
CVE-2026-45504	Microsoft Exchange Server Elevation of Privilege Vulnerability	Exploitation Unlikely	No	8.8
CVE-2026-45502	Microsoft Exchange Server Information Disclosure Vulnerability	Exploitation Unlikely	No	5.0
CVE-2026-45503	Microsoft Exchange Server Information Disclosure Vulnerability	Exploitation Unlikely	No	8.1
CVE-2026-45583	Microsoft Exchange Server Remote Code Execution Vulnerability	Exploitation Less Likely	No	7.5
CVE-2026-45500	Microsoft Exchange Server Spoofing Vulnerability	Exploitation Less Likely	No	6.1
CVE-2026-45501	Microsoft Exchange Server Spoofing Vulnerability	Exploitation Less Likely	No	6.5
CVE-2026-47631	Microsoft Exchange Server Spoofing Vulnerability	Exploitation Less Likely	No	8.1

System Center vulnerabilities

CVE	Title	Exploitation status	Publicly disclosed?	CVSS v3 base score
CVE-2026-45647	Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability	Exploitation Less Likely	No	5.5

Windows vulnerabilities

CVE	Title	Exploitation status	Publicly disclosed?	CVSS v3 base score
CVE-2025-10263	ARM: CVE-2025-10263 Completion of affected memory accesses might not be guaranteed by completion of a TLBI [kernel]	Exploitation Less Likely	No	9.3
CVE-2026-44815	DHCP Client Service Remote Code Execution Vulnerability	Exploitation Less Likely	No	9.8
CVE-2026-49160	HTTP.sys Denial of Service Vulnerability	Exploitation More Likely	Yes	7.5
CVE-2026-47291	HTTP.sys Remote Code Execution Vulnerability	Exploitation More Likely	No	9.8
CVE-2026-45642	Microsoft Azure Attestation service and Device Health Attestation Service Spoofing Vulnerability	Exploitation Less Likely	No	3.9
CVE-2026-44810	Microsoft Cryptographic Services Elevation of Privilege Vulnerability	Exploitation Less Likely	No	8.4
CVE-2026-45637	Microsoft DWM Core Library Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-42986	Microsoft Graphics Component Elevation of Privilege Vulnerability	Exploitation More Likely	No	7.8
CVE-2026-41092	Microsoft Kinect Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-45606	Microsoft UxTheme Library (uxtheme.dll) Denial of Service Vulnerability	Exploitation Less Likely	No	5.5
CVE-2026-42980	NT OS Kernel Elevation of Privilege Vulnerability	Exploitation More Likely	No	7.8
CVE-2026-42916	NT OS Kernel Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-47289	Remote Desktop Client Remote Code Execution Vulnerability	Exploitation Less Likely	No	8.8
CVE-2026-47653	Remote Desktop Client Remote Code Execution Vulnerability	Exploitation Unlikely	No	8.8
CVE-2026-47654	Remote Desktop Client Remote Code Execution Vulnerability	Exploitation Unlikely	No	7.5
CVE-2026-48563	Remote Desktop Client Remote Code Execution Vulnerability	Exploitation Less Likely	No	7.5
CVE-2026-42909	Remote Desktop Client Remote Code Execution Vulnerability	Exploitation Unlikely	No	7.5
CVE-2026-42913	Remote Desktop Client Remote Code Execution Vulnerability	Exploitation Unlikely	No	7.5
CVE-2026-42992	Remote Desktop Client Remote Code Execution Vulnerability	Exploitation Less Likely	No	7.5
CVE-2026-44799	Remote Desktop Client Remote Code Execution Vulnerability	Exploitation Less Likely	No	7.5
CVE-2026-44801	Remote Desktop Client Remote Code Execution Vulnerability	Exploitation Less Likely	No	7.5
CVE-2026-42985	Remote Desktop Client Remote Code Execution Vulnerability	Exploitation More Likely	No	8.8
CVE-2026-42993	Remote Desktop Client Remote Code Execution Vulnerability	Exploitation Less Likely	No	7.5
CVE-2026-45588	Secure Boot Security Feature Bypass Vulnerability	Exploitation Less Likely	No	7.9
CVE-2026-48568	Secure Boot Security Feature Bypass Vulnerability	Exploitation Less Likely	No	7.9
CVE-2026-48570	Secure Boot Security Feature Bypass Vulnerability	Exploitation Less Likely	No	7.9
CVE-2026-48573	Secure Boot Security Feature Bypass Vulnerability	Exploitation Less Likely	No	7.9
CVE-2026-48575	Secure Boot Security Feature Bypass Vulnerability	Exploitation Less Likely	No	7.9
CVE-2026-48576	Secure Boot Security Feature Bypass Vulnerability	Exploitation Less Likely	No	7.9
CVE-2026-48578	Secure Boot Security Feature Bypass Vulnerability	Exploitation Less Likely	No	7.9
CVE-2026-45654	Secure Boot Security Feature Bypass Vulnerability	Exploitation Less Likely	No	7.9
CVE-2026-45656	UEFI Secure Boot Security Feature Bypass Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-8863	UEFI Secure Boot Security Feature Bypass Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-45648	Windows Active Directory Domain Services Remote Code Execution Vulnerability	Exploitation Unlikely	No	8.8
CVE-2026-42829	Windows Administrator Protection Secure Feature Bypass Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-34335	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Exploitation Unlikely	No	7.0
CVE-2026-45601	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.0
CVE-2026-45598	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.0
CVE-2026-45596	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.0
CVE-2026-45638	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-45603	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.0
CVE-2026-42911	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.0
CVE-2026-45594	Windows Application Identity (AppID) Information Disclosure Vulnerability	Exploitation Less Likely	No	5.5
CVE-2026-45655	Windows BitLocker Security Feature Bypass Vulnerability	Exploitation Less Likely	No	5.3
CVE-2026-45658	Windows BitLocker Security Feature Bypass Vulnerability	Exploitation More Likely	No	7.8
CVE-2026-50507	Windows BitLocker Security Feature Bypass Vulnerability	Exploitation More Likely	Yes	6.8
CVE-2026-45640	Windows Bluetooth Port Driver Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.0
CVE-2026-45605	Windows Bluetooth Service Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-47656	Windows Boot Manager Security Feature Bypass Vulnerability	Exploitation Less Likely	No	7.9
CVE-2026-45586	Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege Vulnerability	Exploitation More Likely	Yes	7.8
CVE-2026-44809	Windows Common Log File System Driver Elevation of Privilege Vulnerability	Exploitation Unlikely	No	7.8
CVE-2026-42987	Windows Deployment Services (WDS) Remote Code Execution	Exploitation Less Likely	No	8.1
CVE-2026-33828	Windows Device Health Attestation (DHA) Elevation of Privilege Vulnerability	Exploitation Unlikely	No	7.8
CVE-2026-45634	Windows DHCP Client Information Disclosure Vulnerability	Exploitation Unlikely	No	5.5
CVE-2026-45608	Windows DHCP Client Information Disclosure Vulnerability	Exploitation Unlikely	No	6.8
CVE-2026-41108	Windows DNS Client Elevation of Privilege Vulnerability	Exploitation Unlikely	No	7.0
CVE-2026-42905	Windows DWM Core Library Elevation of Privilege Vulnerability	Exploitation More Likely	No	7.8
CVE-2026-44811	Windows DWM Core Library Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-44808	Windows DWM Core Library Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-44807	Windows DWM Core Library Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-42983	Windows DWM Core Library Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-44802	Windows DWM Core Library Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-44813	Windows DWM Core Library Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-44804	Windows DWM Core Library Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-48566	Windows DWM Core Library Information Disclosure Vulnerability	Exploitation Less Likely	No	5.5
CVE-2026-44814	Windows DWM Core Library Information Disclosure Vulnerability	Exploitation Less Likely	No	5.5
CVE-2026-45602	Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability	Exploitation Less Likely	No	9.1
CVE-2026-42836	Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.0
CVE-2026-44803	Windows Graphics Component Remote Code Execution Vulnerability	Exploitation More Likely	No	7.8
CVE-2026-44812	Windows Graphics Component Remote Code Execution Vulnerability	Exploitation More Likely	No	7.8
CVE-2026-42910	Windows Hotpatch Monitoring Service Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-42972	Windows Hyper-V Information Disclosure Vulnerability	Exploitation Less Likely	No	5.5
CVE-2026-45607	Windows Hyper-V Remote Code Execution Vulnerability	Exploitation Less Likely	No	8.4
CVE-2026-45641	Windows Hyper-V Remote Code Execution Vulnerability	Exploitation Less Likely	No	8.4
CVE-2026-47652	Windows Hyper-V Remote Code Execution Vulnerability	Exploitation Less Likely	No	8.2
CVE-2026-45592	Windows Internet (wininet.dll) Elevation of Privilege Vulnerability	Exploitation Unlikely	No	7.8
CVE-2026-42903	Windows Kerberos Denial of Service Vulnerability	Exploitation Unlikely	No	6.5
CVE-2026-42914	Windows Kerberos Denial of Service Vulnerability	Exploitation Less Likely	No	5.3
CVE-2026-47288	Windows Kerberos Key Distribution Center (KDC) Remote Code Execution	Exploitation Unlikely	No	7.1
CVE-2026-48583	Windows Kernel Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-45653	Windows Kernel Elevation of Privilege Vulnerability	Exploitation Unlikely	No	7.0
CVE-2026-42984	Windows Kernel Elevation of Privilege Vulnerability	Exploitation Unlikely	No	7.0
CVE-2026-45657	Windows Kernel Remote Code Execution Vulnerability	Exploitation Less Likely	No	9.8
CVE-2026-45600	Windows Kernel-Mode Driver Elevation of Privilege Vulnerability	Exploitation Unlikely	No	7.8
CVE-2026-45604	Windows Managed Installer Information Disclosure Vulnerability	Exploitation Less Likely	No	5.5
CVE-2026-45595	Windows Mark of the Web Security Feature Bypass Vulnerability	Exploitation Less Likely	No	5.4
CVE-2026-48574	Windows Media Remote Code Execution Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-48565	Windows Narrator Braille Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-44805	Windows Network Controller (NC) Host Agent Denial of Service Vulnerability	Exploitation Unlikely	No	5.5
CVE-2026-45636	Windows NTFS Remote Code Execution Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-50508	Windows NTLM Spoofing Vulnerability	Exploitation More Likely	No	6.5
CVE-2026-42981	Windows Performance Monitor Remote Code Execution Vulnerability	Exploitation Less Likely	No	8.1
CVE-2026-42974	Windows Performance Monitor Remote Code Execution Vulnerability	Exploitation Less Likely	No	8.1
CVE-2026-45487	Windows Program Compatibility Assistant Service Elevation of Privilege Vulnerability	Exploitation Unlikely	No	7.8
CVE-2026-42828	Windows Projected File System Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-42837	Windows Projected File System Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-42969	Windows Push Notification Information Disclosure Vulnerability	Exploitation Unlikely	No	5.5
CVE-2026-42971	Windows Push Notification Information Disclosure Vulnerability	Exploitation Less Likely	No	5.5
CVE-2026-42970	Windows Push Notification Information Disclosure Vulnerability	Exploitation Less Likely	No	5.5
CVE-2026-42973	Windows Push Notification Information Disclosure Vulnerability	Exploitation Less Likely	No	5.5
CVE-2026-42978	Windows Push Notifications Elevation of Privilege Vulnerability	Exploitation Unlikely	No	7.8
CVE-2026-42977	Windows Push Notifications Elevation of Privilege Vulnerability	Exploitation Unlikely	No	7.8
CVE-2026-42979	Windows Push Notifications Elevation of Privilege Vulnerability	Exploitation Unlikely	No	7.8
CVE-2026-42991	Windows Push Notifications Elevation of Privilege Vulnerability	Exploitation Unlikely	No	7.8
CVE-2026-45639	Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability	Exploitation Less Likely	No	7.5
CVE-2026-42908	Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability	Exploitation Less Likely	No	7.5
CVE-2026-45593	Windows SDK Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-42906	Windows Shell Information Disclosure Vulnerability	Exploitation Less Likely	No	5.5
CVE-2026-42907	Windows Shell Information Disclosure Vulnerability	Exploitation Less Likely	No	6.5
CVE-2026-47648	Windows Storage Elevation of Privilege Vulnerability	Exploitation Unlikely	No	7.0
CVE-2026-42915	Windows TCP/IP Denial of Service Vulnerability	Exploitation Less Likely	No	5.7
CVE-2026-42904	Windows TCP/IP Elevation of Privilege Vulnerability	Exploitation Unlikely	No	9.6
CVE-2026-42968	Windows Telephony Server Information Disclosure Vulnerability	Exploitation Less Likely	No	5.5
CVE-2026-42912	Windows Telephony Service Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.0
CVE-2026-45597	Windows UI Automation Manager (uiamanager.dll) Elevation of Privilege Vulnerability	Exploitation Unlikely	No	7.0
CVE-2026-40409	Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-40404	Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability	Exploitation Less Likely	No	7.8
CVE-2026-45599	Windows UPnP Device Host Remote Code Execution Vulnerability	Exploitation Less Likely	No	8.1
CVE-2026-45635	Windows UPnP Device Host Remote Code Execution Vulnerability	Exploitation Less Likely	No	8.1
CVE-2026-42989	Winlogon Elevation of Privilege Vulnerability	Exploitation More Likely	No	7.8

Zero-Day Vulnerabilities: Publicly Disclosed (No known exploitation)

CVE	Title	Exploitation status	Publicly disclosed?	CVSS v3 base score
CVE-2026-49160	HTTP.sys Denial of Service Vulnerability	Exploitation More Likely	Yes	7.5
CVE-2026-50507	Windows BitLocker Security Feature Bypass Vulnerability	Exploitation More Likely	Yes	6.8
CVE-2026-45586	Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege Vulnerability	Exploitation More Likely	Yes	7.8

Critical RCEs

CVE	Title	Exploitation status	Publicly disclosed?	CVSS v3 base score
CVE-2025-10263	ARM: CVE-2025-10263 Completion of affected memory accesses might not be guaranteed by completion of a TLBI [kernel]	Exploitation Less Likely	No	9.3
CVE-2026-47643	Azure Stack Edge Remote Code Execution Vulnerability	Exploitation Unlikely	No	9.8
CVE-2026-44815	DHCP Client Service Remote Code Execution Vulnerability	Exploitation Less Likely	No	9.8
CVE-2026-47291	HTTP.sys Remote Code Execution Vulnerability	Exploitation More Likely	No	9.8
CVE-2026-26142	Nuance PowerScribe Remote Code Execution Vulnerability	Exploitation Less Likely	No	9.8
CVE-2026-47281	Visual Studio Code Elevation of Privilege Vulnerability	Exploitation Unlikely	No	9.6
CVE-2026-45602	Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability	Exploitation Less Likely	No	9.1
CVE-2026-45657	Windows Kernel Remote Code Execution Vulnerability	Exploitation Less Likely	No	9.8
CVE-2026-42904	Windows TCP/IP Elevation of Privilege Vulnerability	Exploitation Unlikely	No	9.6

Rapid7 Cybersecurity Blog
Patch Tuesday - May 2026 12 May 2026 at 20:22

Patch Tuesday - May 2026

Rapid7 Cybersecurity Blog

By: Adam Barnett

12 May 2026 at 20:22

Microsoft is publishing 137 vulnerabilities on May 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild or public disclosure for any of these vulnerabilities. So far this month, Microsoft has provided patches to address 133 browser vulnerabilities, which are not included in the Patch Tuesday count above.

Windows Netlogon: critical RCE

Anyone responsible for securing a domain controller should prioritize remediation of CVE-2026-41089, which is a critical stack-based buffer overflow in Windows Netlogon with a CVSS v3 base score of 9.8. Exploitation leads to execution in the context of the Netlogon service, so that’s SYSTEM privileges on the domain controller. For most pentesters, that’s the point at which the customer report more or less writes itself. No privileges or user interaction are required, and attack complexity is low, which suggests that creation of a reliable exploit might not be especially difficult for anyone with knowledge of the specific mechanism.

Microsoft assesses exploitation as less likely, but since those exploitability assessments are provided without an accompanying explanation, it’s not clear how much reassurance defenders should take. Anyone who remembers the much-discussed CVE-2020-1472 (aka ZeroLogon) back in 2020 will note that CVE-2026-41089 offers an attacker more immediate control of a domain controller. Patches are available for all versions of Windows Server from 2012 onwards.

Windows DNS Client: critical RCE

An attacker looking for a master key for Windows assets will pay attention to CVE-2026-41096, a critical RCE in the Windows DNS client implementation. A modern computer talks to DNS the way a child in the back of a car asks “are we there yet?” The variable and complex structure of DNS responses means that DNS client implementations are also complex and thus prone to flaws. Microsoft assesses exploitation as less likely, and we can hope that modern mitigations such as heap address randomization and optional-but-recommended encrypted channel DNS will make weaponization significantly more challenging by putting barriers across specific paths to exploitation. The DNS client on Windows runs as the NetworkService role, rather than SYSTEM, but a foothold is a foothold, and skilled attackers expect to chain exploits together.

JIRA/Confluence Entra ID auth plugin: critical EoP

If you’re still self-hosting Atlassian JIRA or Confluence and relying on the Microsoft Entra ID authentication plugin, you’ll want to know about CVE-2026-41103. This critical elevation of privilege vulnerability allows an unauthorized attacker to impersonate an existing user by presenting forged credentials, thus bypassing Entra ID. Microsoft expects that exploitation is more likely. Even if you can’t always find what you want on the corporate Confluence, a motivated attacker probably will. Curiously, the patch links on the advisory lead to older versions of the plugins published in 2024.

Microsoft WARP team

Microsoft’s WARP team is credited with multiple critical vulnerabilities today, after making their first appearance in MSRC advisory acknowledgements in last month’s Patch Tuesday. We can speculate that they likely know a great deal about the current state of AI-powered vulnerability research as it applies to Microsoft products.