Microsoft is publishing 167 vulnerabilities on April 2026 Patch Tuesday. Microsoft is aware of exploitation in the wild for one of today’s vulnerabilities, and public disclosure for one other. Microsoft evaluates 19 of the vulnerabilities published today as more likely to see future exploitation. So far this month, Microsoft has provided patches to address 80 browser vulnerabilities, which are not included in the Patch Tuesday count above.
Increasing volumes of vulnerabilities
Regular Patch Tuesday watchers will know that these vulnerability totals are significantly higher than usual, especially the browser numbers. Late last week, Microsoft published patches to resolve more than 60 browser vulnerabilities in a single day, which is a new record in that very specific category.
It might be tempting to imagine that this sudden spike was tied to the buzz around the announcement a week ago today of Project Glasswing, but this is not the case. Edge is based on the Chromium engine, and the Chromium maintainers acknowledge a wide range of researchers for the vulnerabilities which Microsoft republished last Friday. This reflects a significant industry-wide uptick in the volume of vulnerability reports over the past few weeks. A safe conclusion is that this increase in volume is driven by ever-expanding AI capabilities. We should expect to see further increases in vulnerability reporting volume as the impact of AI models extend further, both in terms of capability and availability.
SharePoint: zero-day spoofing
When everything is changing rapidly, it can be tempting to look to familiar things for comfort. SharePoint admins should start by addressing CVE-2026-32201, an exploited-in-the-wild spoofing vulnerability. The advisory doesn’t offer much detail, but does mention CWE-20: Improper Input Validation and low impact to confidentiality and integrity, with no impact to availability. Of course, the greatest attacker impact is typically achieved by chaining together multiple vulnerabilities that by themselves might not seem so bad.
Ever-increasing novel AI capabilities in offensive cybersecurity now appear to provide real competition for all but the most elite human researchers; if it was ever valid to suppose that a vulnerability with a CVSS v3 base score of 6.5 was unlikely to cause much pain, it’s certainly not a safe defensive assumption in 2026. Patches are available for all supported versions of SharePoint, including SharePoint 2016, which moves beyond extended support on July 14, 2026.
Defender: zero-day elevation of privilege
Microsoft Defender receives a patch today for CVE-2026-33825, a local privilege escalation vulnerability for which Microsoft is aware of public disclosure. Successful exploitation leads to SYSTEM privileges, so this is certainly worth patching sooner rather than later. Microsoft points out that no action should be required to install this update, since the Microsoft Defender Antimalware Platform automatically updates by default. A further silver lining is that systems that have disabled Microsoft Defender are not in an exploitable state. Hopefully, any such system is running a suitable third-party replacement for Defender’s capabilities.
Windows [I don’t like] IKE: zero-day pre-auth RCE
The Windows Internet Key Exchange (IKE) Services Extensions is the site of CVE-2026-33824, a critical unauthenticated remote code execution vulnerability. Exploitation requires an attacker to send specially crafted packets to a Windows machine with IKE v2 enabled, which could enable remote code execution. Vulnerabilities leading to unauthenticated RCE against modern Windows assets are relatively rare, or we’d see more wormable vulnerabilities self-propagating across the internet. However, since IKE provides secure tunnel negotiation services, for instance for VPNs, it is necessarily exposed to untrusted networks and reachable in a pre-authorization context. It’s hard to imagine this turning into a rampaging internet-wide worm, but there’s plenty of scope for initial access abuse, so this IKE vulnerability is still yikes.
The advisory does contain a section with potential mitigations for anyone unable to patch immediately, which center on least-privilege restriction of relevant UDP traffic. This same portion of the advisory also furnishes a helpful link to the definition of the word “mitigations” in the MSDN glossary. All versions of Windows back as far as Server 2016 and Windows 10 1607 LTSC receive patches.
The advisory credits both the WARP and MORSE (Microsoft Offensive Research & Security Engineering) teams at Microsoft. MORSE appears in Acknowledgements over the past few years, but today marks the first explicit mention of WARP in a Microsoft security advisory Acknowledgements section; we can speculate that WARP is an internal designator for the Microsoft Windows Enterprise Security Team.
Microsoft lifecycle update
In Microsoft lifecycle news, extended support ends April 14, 2026 for a wide range of Microsoft product legacy enterprise tools, including Dynamics C5 2016, Dynamics NAV 2016, App-V 5.0 and App-V 5.1, UE-V 2.1, and BitLocker Administration and Monitoring 2.5 SP1. Microsoft .NET 9 STS (Standard Term Support, as distinct from Long Term Support) was originally scheduled to move past the end of support in May 2026, but late last year, Microsoft granted a six-month extension, so that .NET 9 STS now reaches end of support on November 10, 2026.
Summary charts
Summary tables
Azure vulnerabilities
CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
|---|---|---|---|---|
| CVE-2026-32171 | Azure Logic Apps Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 8.8 |
| CVE-2026-32168 | Azure Monitor Agent Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32192 | Azure Monitor Agent Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32184 | Microsoft High Performance Compute (HPC) Pack Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
Developer Tools vulnerabilities
CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
|---|---|---|---|---|
| CVE-2026-32203 | .NET and Visual Studio Denial of Service Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-26171 | .NET Denial of Service Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-32226 | .NET Framework Denial of Service Vulnerability | Exploitation Less Likely | No | 5.9 |
| CVE-2026-23666 | .NET Framework Denial of Service Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-32178 | .NET Spoofing Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-33116 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-23653 | GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.7 |
| CVE-2026-32631 | GitHub: CVE-2026-32631 'git clone' from manipulated repositories can leak NTLM hashes | Exploitation Less Likely | No | 7.4 |
| CVE-2026-21637 | HackerOne: CVE-2026-21637 TLS PSK/ALPN Callback Exceptions Bypass Error Handlers | N/A | No | 7.5 |
| CVE-2026-26143 | Microsoft PowerShell Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.8 |
ESU vulnerabilities
CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
|---|---|---|---|---|
| CVE-2026-32072 | Active Directory Spoofing Vulnerability | Exploitation Less Likely | No | 6.2 |
| CVE-2026-32181 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-27924 | Desktop Window Manager Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32154 | Desktop Window Manager Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-27923 | Desktop Window Manager Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32155 | Desktop Window Manager Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32091 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 8.4 |
| CVE-2026-26152 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-26155 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | Exploitation Less Likely | No | 6.5 |
| CVE-2026-27914 | Microsoft Management Console Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-25250 | MITRE: CVE-2026-25250 Secure Boot disable Eazy Fix | Exploitation Less Likely | No | 6.0 |
| CVE-2026-32081 | Package Catalog Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.5 |
| CVE-2026-26170 | PowerShell Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-26183 | Remote Access Management service/API (RPC server) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32157 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.8 |
| CVE-2026-26160 | Remote Desktop Licensing Service Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-26159 | Remote Desktop Licensing Service Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-26151 | Remote Desktop Spoofing Vulnerability | Exploitation More Likely | No | 7.1 |
| CVE-2026-32085 | Remote Procedure Call Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.5 |
| CVE-2026-0390 | UEFI Secure Boot Security Feature Bypass Vulnerability | Exploitation More Likely | No | 6.7 |
| CVE-2026-32212 | Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-32214 | Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-32079 | Web Account Manager Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.5 |
| CVE-2026-33104 | Win32k Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-33826 | Windows Active Directory Remote Code Execution Vulnerability | Exploitation More Likely | No | 8.0 |
| CVE-2026-26178 | Windows Advanced Rasterization Platform Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 8.8 |
| CVE-2026-32073 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-26168 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-26173 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-26177 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-26182 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-27922 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-33099 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-33100 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-32088 | Windows Biometric Service Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 6.1 |
| CVE-2026-27913 | Windows BitLocker Security Feature Bypass Vulnerability | Exploitation More Likely | No | 7.7 |
| CVE-2026-26175 | Windows Boot Manager Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 4.6 |
| CVE-2026-26176 | Windows Client Side Caching driver (csc.sys) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-27926 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-32162 | Windows COM Elevation of Privilege Vulnerability | Exploitation More Likely | No | 8.4 |
| CVE-2026-20806 | Windows COM Server Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.5 |
| CVE-2026-32070 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.0 |
| CVE-2026-33098 | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-26153 | Windows Encrypted File System (EFS) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32087 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-32093 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.0 |
| CVE-2026-32086 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-32150 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-27931 | Windows GDI Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-27930 | Windows GDI Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-27906 | Windows Hello Security Feature Bypass Vulnerability | Exploitation More Likely | No | 4.4 |
| CVE-2026-26156 | Windows Hyper-V Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32149 | Windows Hyper-V Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.3 |
| CVE-2026-27910 | Windows Installer Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-33824 | Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability | Exploitation Less Likely | No | 9.8 |
| CVE-2026-27912 | Windows Kerberos Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 8.0 |
| CVE-2026-26180 | Windows Kernel Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-26163 | Windows Kernel Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32215 | Windows Kernel Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-32217 | Windows Kernel Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-32218 | Windows Kernel Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-26169 | Windows Kernel Memory Information Disclosure Vulnerability | Exploitation More Likely | No | 6.1 |
| CVE-2026-32071 | Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-27929 | Windows LUA File Virtualization Filter Driver Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-20930 | Windows Management Services Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-26162 | Windows OLE Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32084 | Windows Print Spooler Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.5 |
| CVE-2026-27927 | Windows Projected File System Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-26184 | Windows Projected File System Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32069 | Windows Projected File System Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32074 | Windows Projected File System Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32078 | Windows Projected File System Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-26167 | Windows Push Notifications Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 8.8 |
| CVE-2026-32158 | Windows Push Notifications Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-32159 | Windows Push Notifications Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32160 | Windows Push Notifications Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-26172 | Windows Push Notifications Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-20928 | Windows Recovery Environment Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 4.6 |
| CVE-2026-27909 | Windows Search Service Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-26161 | Windows Sensor Data Service Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-26174 | Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-26154 | Windows Server Update Service (WSUS) Tampering Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-27918 | Windows Shell Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32151 | Windows Shell Information Disclosure Vulnerability | Exploitation Less Likely | No | 6.5 |
| CVE-2026-32225 | Windows Shell Security Feature Bypass Vulnerability | Exploitation More Likely | No | 8.8 |
| CVE-2026-32202 | Windows Shell Spoofing Vulnerability | Exploitation More Likely | No | 4.3 |
| CVE-2026-32082 | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-32083 | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-32068 | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.0 |
| CVE-2026-32183 | Windows Snipping Tool Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-33829 | Windows Snipping Tool Spoofing Vulnerability | Exploitation Unlikely | No | 4.3 |
| CVE-2026-32089 | Windows Speech Brokered Api Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32090 | Windows Speech Brokered Api Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-32153 | Windows Speech Runtime Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-33827 | Windows TCP/IP Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.1 |
| CVE-2026-27908 | Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.0 |
| CVE-2026-27921 | Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.0 |
| CVE-2026-27915 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-27919 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32075 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.0 |
| CVE-2026-27916 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-27920 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32077 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-27925 | Windows UPnP Device Host Information Disclosure Vulnerability | Exploitation Less Likely | No | 6.5 |
| CVE-2026-32156 | Windows UPnP Device Host Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.4 |
| CVE-2026-32165 | Windows User Interface Core Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-27911 | Windows User Interface Core Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-32163 | Windows User Interface Core Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-32164 | Windows User Interface Core Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-23670 | Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 5.7 |
| CVE-2026-27917 | Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
Microsoft Dynamics vulnerabilities
CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
|---|---|---|---|---|
| CVE-2026-33103 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.5 |
| CVE-2026-26149 | Microsoft Power Apps Security Feature Bypass | Exploitation Less Likely | No | 9.0 |
Microsoft Office vulnerabilities
CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
|---|---|---|---|---|
| CVE-2026-32188 | Microsoft Excel Information Disclosure Vulnerability | Exploitation Less Likely | No | 7.1 |
| CVE-2026-32189 | Microsoft Excel Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32197 | Microsoft Excel Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32198 | Microsoft Excel Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32199 | Microsoft Excel Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32190 | Microsoft Office Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.4 |
| CVE-2026-32200 | Microsoft PowerPoint Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-20945 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Less Likely | No | 4.6 |
| CVE-2026-32201 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Detected | No | 6.5 |
| CVE-2026-33822 | Microsoft Word Information Disclosure Vulnerability | Exploitation Less Likely | No | 6.1 |
| CVE-2026-33095 | Microsoft Word Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-23657 | Microsoft Word Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-33114 | Microsoft Word Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.4 |
| CVE-2026-33115 | Microsoft Word Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.4 |
Open Source Software vulnerabilities
CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
|---|---|---|---|---|
| CVE-2026-40386 | n/a | No | 4.0 | |
| CVE-2026-40385 | n/a | No | 4.0 | |
| CVE-2026-40393 | n/a | No | 8.1 | |
| CVE-2026-31416 | netfilter: nfnetlink_log: account for netlink header size | n/a | No | 8.1 |
| CVE-2026-31423 | net/sched: sch_hfsc: fix divide-by-zero in rtsc_min() | n/a | No | 5.5 |
| CVE-2026-31424 | netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP | n/a | No | 5.5 |
| CVE-2026-31417 | net/x25: Fix overflow when accumulating packets | n/a | No | 8.1 |
| CVE-2026-31422 | net/sched: cls_flow: fix NULL pointer dereference on shared blocks | n/a | No | 5.5 |
| CVE-2026-31414 | netfilter: nf_conntrack_expect: use expect->helper | n/a | No | 8.1 |
| CVE-2026-31427 | netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp | n/a | No | 7.8 |
| CVE-2026-31426 | ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() | n/a | No | 5.5 |
| CVE-2026-31419 | net: bonding: fix use-after-free in bond_xmit_broadcast() | n/a | No | 7.1 |
| CVE-2026-31420 | bridge: mrp: reject zero test interval to avoid OOM panic | n/a | No | 5.5 |
| CVE-2026-31421 | net/sched: cls_fw: fix NULL pointer dereference on shared blocks | n/a | No | 5.5 |
| CVE-2026-31428 | netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD | n/a | No | 5.5 |
| CVE-2026-31418 | netfilter: ipset: drop logically empty buckets in mtype_del | n/a | No | 8.1 |
SQL Server vulnerabilities
CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
|---|---|---|---|---|
| CVE-2026-33120 | Microsoft SQL Server Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.8 |
| CVE-2026-32167 | SQL Server Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 6.7 |
| CVE-2026-32176 | SQL Server Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 6.7 |
System Center vulnerabilities
CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
|---|---|---|---|---|
| CVE-2026-33825 | Microsoft Defender Elevation of Privilege Vulnerability | Exploitation More Likely | Yes | 7.8 |
Windows vulnerabilities
CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
|---|---|---|---|---|
| CVE-2026-32072 | Active Directory Spoofing Vulnerability | Exploitation Less Likely | No | 6.2 |
| CVE-2023-20585 | AMD: CVE-2023-20585 IOMMU Write Buffer Vulnerability | Exploitation Less Likely | No | 5.3 |
| CVE-2026-25184 | Applocker Filter Driver (applockerfltr.sys) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-32181 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-27924 | Desktop Window Manager Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32152 | Desktop Window Manager Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-32154 | Desktop Window Manager Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-27923 | Desktop Window Manager Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32155 | Desktop Window Manager Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-33096 | HTTP.sys Denial of Service Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-26181 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32219 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.0 |
| CVE-2026-32091 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 8.4 |
| CVE-2026-26152 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-26155 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | Exploitation Less Likely | No | 6.5 |
| CVE-2026-27914 | Microsoft Management Console Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-25250 | MITRE: CVE-2026-25250 Secure Boot disable Eazy Fix | Exploitation Less Likely | No | 6.0 |
| CVE-2026-32081 | Package Catalog Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.5 |
| CVE-2026-26170 | PowerShell Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-26183 | Remote Access Management service/API (RPC server) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32157 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.8 |
| CVE-2026-26160 | Remote Desktop Licensing Service Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-26159 | Remote Desktop Licensing Service Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-26151 | Remote Desktop Spoofing Vulnerability | Exploitation More Likely | No | 7.1 |
| CVE-2026-32085 | Remote Procedure Call Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.5 |
| CVE-2026-0390 | UEFI Secure Boot Security Feature Bypass Vulnerability | Exploitation More Likely | No | 6.7 |
| CVE-2026-32220 | UEFI Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 4.4 |
| CVE-2026-32212 | Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-32214 | Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-32079 | Web Account Manager Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.5 |
| CVE-2026-33104 | Win32k Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-33826 | Windows Active Directory Remote Code Execution Vulnerability | Exploitation More Likely | No | 8.0 |
| CVE-2026-32196 | Windows Admin Center Spoofing Vulnerability | Exploitation Less Likely | No | 6.1 |
| CVE-2026-26178 | Windows Advanced Rasterization Platform Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 8.8 |
| CVE-2026-32073 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-26168 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-26173 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-26177 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-26182 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-27922 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-33099 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-33100 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-32088 | Windows Biometric Service Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 6.1 |
| CVE-2026-27913 | Windows BitLocker Security Feature Bypass Vulnerability | Exploitation More Likely | No | 7.7 |
| CVE-2026-26175 | Windows Boot Manager Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 4.6 |
| CVE-2026-26176 | Windows Client Side Caching driver (csc.sys) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-27926 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-32162 | Windows COM Elevation of Privilege Vulnerability | Exploitation More Likely | No | 8.4 |
| CVE-2026-20806 | Windows COM Server Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.5 |
| CVE-2026-32070 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.0 |
| CVE-2026-33098 | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-26153 | Windows Encrypted File System (EFS) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32087 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-32093 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.0 |
| CVE-2026-32086 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-32150 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-27931 | Windows GDI Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-27930 | Windows GDI Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-32221 | Windows Graphics Component Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.4 |
| CVE-2026-27906 | Windows Hello Security Feature Bypass Vulnerability | Exploitation More Likely | No | 4.4 |
| CVE-2026-27928 | Windows Hello Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 8.7 |
| CVE-2026-26156 | Windows Hyper-V Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32149 | Windows Hyper-V Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.3 |
| CVE-2026-27910 | Windows Installer Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-33824 | Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability | Exploitation Less Likely | No | 9.8 |
| CVE-2026-27912 | Windows Kerberos Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 8.0 |
| CVE-2026-26179 | Windows Kernel Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-26180 | Windows Kernel Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32195 | Windows Kernel Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-26163 | Windows Kernel Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32215 | Windows Kernel Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-32217 | Windows Kernel Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-32218 | Windows Kernel Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-26169 | Windows Kernel Memory Information Disclosure Vulnerability | Exploitation More Likely | No | 6.1 |
| CVE-2026-32071 | Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-27929 | Windows LUA File Virtualization Filter Driver Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-20930 | Windows Management Services Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-26162 | Windows OLE Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-33101 | Windows Print Spooler Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-32084 | Windows Print Spooler Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.5 |
| CVE-2026-27927 | Windows Projected File System Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-26184 | Windows Projected File System Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32069 | Windows Projected File System Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32074 | Windows Projected File System Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32078 | Windows Projected File System Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-26167 | Windows Push Notifications Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 8.8 |
| CVE-2026-32158 | Windows Push Notifications Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-32159 | Windows Push Notifications Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32160 | Windows Push Notifications Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-26172 | Windows Push Notifications Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-20928 | Windows Recovery Environment Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 4.6 |
| CVE-2026-32216 | Windows Redirected Drive Buffering System Denial of Service Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-27909 | Windows Search Service Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-26161 | Windows Sensor Data Service Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-26174 | Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-32224 | Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.0 |
| CVE-2026-26154 | Windows Server Update Service (WSUS) Tampering Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-26165 | Windows Shell Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-26166 | Windows Shell Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-27918 | Windows Shell Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32151 | Windows Shell Information Disclosure Vulnerability | Exploitation Less Likely | No | 6.5 |
| CVE-2026-32225 | Windows Shell Security Feature Bypass Vulnerability | Exploitation More Likely | No | 8.8 |
| CVE-2026-32202 | Windows Shell Spoofing Vulnerability | Exploitation More Likely | No | 4.3 |
| CVE-2026-32082 | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-32083 | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-32068 | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.0 |
| CVE-2026-32183 | Windows Snipping Tool Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-33829 | Windows Snipping Tool Spoofing Vulnerability | Exploitation Unlikely | No | 4.3 |
| CVE-2026-32089 | Windows Speech Brokered Api Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32090 | Windows Speech Brokered Api Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-32153 | Windows Speech Runtime Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-27907 | Windows Storage Spaces Controller Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32076 | Windows Storage Spaces Controller Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-33827 | Windows TCP/IP Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.1 |
| CVE-2026-27908 | Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.0 |
| CVE-2026-27921 | Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.0 |
| CVE-2026-27915 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-27919 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32075 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.0 |
| CVE-2026-27916 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-27920 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32077 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-27925 | Windows UPnP Device Host Information Disclosure Vulnerability | Exploitation Less Likely | No | 6.5 |
| CVE-2026-32156 | Windows UPnP Device Host Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.4 |
| CVE-2026-32223 | Windows USB Printing Stack (usbprint.sys) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 6.8 |
| CVE-2026-32165 | Windows User Interface Core Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-27911 | Windows User Interface Core Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-32163 | Windows User Interface Core Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-32164 | Windows User Interface Core Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-23670 | Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 5.7 |
| CVE-2026-32080 | Windows WalletService Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-27917 | Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-32222 | Windows Win32k Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
Zero-Day Vulnerabilities: Known Exploited
CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
|---|---|---|---|---|
| CVE-2026-32201 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Detected | No | 6.5 |
Zero-Day Vulnerabilities: Publicly Disclosed (No known exploitation)
CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
|---|---|---|---|---|
| CVE-2026-33825 | Microsoft Defender Elevation of Privilege Vulnerability | Exploitation More Likely | Yes | 7.8 |
Critical RCEs and EoPs
CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
|---|---|---|---|---|
| CVE-2026-33824 | Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability | Exploitation Less Likely | No | 9.8 |
