Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days
Today is Microsoft’s May 2026 Patch Tuesday, with security updates for 120 flaws and no zero-days disclosed.
This Patch Tuesday addresses 17 “Critical” vulnerabilities, 14 of which are remote code execution, 2 are elevation of privilege, and 1 is an information disclosure flaw.
The number of bugs in each vulnerability category is listed below:
- 61 Elevation of Privilege Vulnerabilities
- 6 Security Feature Bypass Vulnerabilities
- 31 Remote Code Execution Vulnerabilities
- 14 Information Disclosure Vulnerabilities
- 8 Denial of Service Vulnerabilities
- 13 Spoofing Vulnerabilities
When GeekFeed reports on Patch Tuesday security updates, we only count those released by Microsoft today.
Therefore, the number of flaws does not include flaws in Mariner, Azure, Copilot, Microsoft Teams, and Microsoft Partner Center that were fixed by Microsoft earlier this month. There were also 131 Microsoft Edge/Chromium flaws that were fixed by Google this month, which were excluded.
To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5089549 & KB5087420 cumulative updates and the Windows 10 KB5087544 extended security update.
Noteworthy vulnerabilities
Microsoft has not disclosed any zero-day vulnerabilities in this month’s Patch Tuesday. However, there are some vulnerabilities fixed today that IT and security admins should be aware of.
As part of today’s updates, Microsoft has fixed numerous vulnerabilities in Microsoft Office, Word, and Excel that could lead to remote code execution.
These flaws are exploited by opening malicious files, which can result in remote code execution. As many of these can be exploited via the preview pane, it is strongly advised to update Microsoft Office as soon as possible, especially if they commonly receive attachments.
Other interesting vulnerabilities are:
- CVE-2026-35421 – Windows GDI Remote Code Execution Vulnerability: This flaw can be exploited by opening a malicious Enhanced Metafile (EMF) file using Microsoft Paint.
- CVE-2026-40365 – Microsoft SharePoint Server Remote Code Execution Vulnerability: An authenticated attacker can perform a network-based attack that remotely executes code on a SharePoint server.
- CVE-2026-41096 – Windows DNS Client Remote Code Execution Vulnerability: An attacker-controlled DNS server could send a specially crafted DNS response to a vulnerable Windows system, causing the DNS Client to incorrectly process the response and corrupt memory. This would allow the attacker to run code on the vulnerable system remotely.
Recent updates from other companies
Other vendors who released updates or advisories in May 2026 include:
- Adobe has released security updates for After Effects, Premiere Pro, Media Encoder, Commerce, Illustrator, and more.
- AMD disclosed updates for an elevation of privileges vulnerability in the CPU operation (op/µop) cache on Zen 2‑based.
- Apple released security updates for macOS, iOS, watchOS, iPadOS, visionOS, and tvOS.
- Cisco released security updates for numerous products, including a DoS flaw that requires manual rebooting of affected systems for recovery.
- Fortinet released security updates for two critical flaws in FortiSandbox and FortiAuthenticator.
- Google released Android’s May security bulletin, which fixes 10 vulnerabilities.
- Ivanti released security updates for a high-severity Endpoint Manager Mobile (EPMM) remote code execution vulnerability, which was exploited in zero-day attacks.
- Mozilla released security updates for five Firefox vulnerabilities.
- Palo Alto Networks warned of a critical PAN-OS User-ID Authentication Portal flaw that was exploited in attacks as a zero-day. Patches have still not been released, but mitigations are available.
- SAP released the May security updates, which include fixes for one high-severity and two Critical flaws.
- vm2 released security updates for a critical vulnerability in the popular Node.js sandboxing library.
The May 2026 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities in the May 2026 Patch Tuesday updates.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET | CVE-2026-35433 | .NET Elevation of Privilege Vulnerability | Important |
| .NET | CVE-2026-32177 | .NET Elevation of Privilege Vulnerability | Important |
| .NET | CVE-2026-32175 | .NET Core Tampering Vulnerability | Important |
| AMD CPU Branch | CVE-2025-54518 | AMD: CVE-2025-54518 CPU OP Cache Corruption | Important |
| ASP.NET Core | CVE-2026-42899 | ASP.NET Core Denial of Service Vulnerability | Important |
| Azure Connected Machine Agent | CVE-2026-40381 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Important |
| Azure Logic Apps | CVE-2026-42823 | Azure Logic Apps Elevation of Privilege Vulnerability | Important |
| Azure Machine Learning | CVE-2026-33833 | Azure Machine Learning Notebook Spoofing Vulnerability | Important |
| Azure Monitor Agent | CVE-2026-32204 | Azure Monitor Agent Elevation of Privilege Vulnerability | Important |
| Azure Monitor Agent | CVE-2026-42830 | Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability | Important |
| Azure SDK | CVE-2026-33117 | Azure SDK for Java Security Feature Bypass Vulnerability | Important |
| Data Deduplication | CVE-2026-41095 | Data Deduplication Elevation of Privilege Vulnerability | Important |
| Dynamics Business Central | CVE-2026-40417 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | Important |
| GitHub Copilot and Visual Studio | CVE-2026-41109 | GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability | Important |
| M365 Copilot | CVE-2026-41100 | Microsoft 365 Copilot for Android Spoofing Vulnerability | Important |
| M365 Copilot | CVE-2026-42893 | Microsoft Outlook for iOS Tampering Vulnerability | Important |
| M365 Copilot | CVE-2026-26164 | M365 Copilot Information Disclosure Vulnerability | Critical |
| M365 Copilot for Desktop | CVE-2026-41614 | M365 Copilot for Desktop Spoofing Vulnerability | Important |
| Microsoft Data Formulator | CVE-2026-41094 | Microsoft Data Formulator Remote Code Execution Vulnerability | Important |
| Microsoft Dynamics 365 (on-premises) | CVE-2026-42898 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | Critical |
| Microsoft Dynamics 365 (on-premises) | CVE-2026-42833 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-42832 | Microsoft Office Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2026-42831 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-40363 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-40419 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2026-40358 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office Click-To-Run | CVE-2026-35436 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important |
| Microsoft Office Click-To-Run | CVE-2026-40420 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important |
| Microsoft Office Click-To-Run | CVE-2026-40418 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important |
| Microsoft Office Excel | CVE-2026-40360 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office Excel | CVE-2026-40362 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2026-40359 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office PowerPoint | CVE-2026-41102 | Microsoft PowerPoint for Android Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2026-40368 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2026-35439 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2026-33112 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2026-40365 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2026-40357 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2026-33110 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2026-40361 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Microsoft Office Word | CVE-2026-40367 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Microsoft Office Word | CVE-2026-35440 | Microsoft Word Information Disclosure Vulnerability | Important |
| Microsoft Office Word | CVE-2026-40421 | Microsoft Word Information Disclosure Vulnerability | Important |
| Microsoft Office Word | CVE-2026-41101 | Microsoft Word for Android Spoofing Vulnerability | Important |
| Microsoft Office Word | CVE-2026-40366 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Microsoft Office Word | CVE-2026-40364 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Microsoft SSO Plugin for Jira & Confluence | CVE-2026-41103 | Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability | Critical |
| Microsoft Teams | CVE-2026-32185 | Microsoft Teams Spoofing Vulnerability | Important |
| Microsoft Windows DNS | CVE-2026-41096 | Windows DNS Client Remote Code Execution Vulnerability | Critical |
| Power Automate | CVE-2026-40374 | Microsoft Power Automate Desktop Information Disclosure Vulnerability | Important |
| SQL Server | CVE-2026-40370 | SQL Server Remote Code Execution Vulnerability | Important |
| Telnet Client | CVE-2026-35423 | Windows 11 Telnet Client Information Disclosure Vulnerability | Important |
| Visual Studio Code | CVE-2026-41613 | Visual Studio Code Elevation of Privilege Vulnerability | Important |
| Visual Studio Code | CVE-2026-41612 | Visual Studio Code Information Disclosure Vulnerability | Important |
| Visual Studio Code | CVE-2026-41610 | Visual Studio Code Security Feature Bypass Vulnerability | Important |
| Visual Studio Code | CVE-2026-41611 | Visual Studio Code Remote Code Execution Vulnerability | Important |
| Windows Admin Center | CVE-2026-41086 | Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability | Important |
| Windows Admin Center | CVE-2026-35438 | Windows Admin Center Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2026-35416 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2026-41088 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2026-34345 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2026-34344 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Application Identity (AppID) Subsystem | CVE-2026-34343 | Windows Application Identity (AppID) Subsystem Elevation of Privilege Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2026-34337 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2026-35418 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2026-33835 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2026-40397 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2026-40407 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Cryptographic Services | CVE-2026-40377 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Important |
| Windows DWM Core Library | CVE-2026-34336 | Windows DWM Core Library Information Disclosure Vulnerability | Important |
| Windows DWM Core Library | CVE-2026-42896 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows DWM Core Library | CVE-2026-35419 | Windows DWM Core Library Information Disclosure Vulnerability | Important |
| Windows Event Logging Service | CVE-2026-33834 | Windows Event Logging Service Elevation of Privilege Vulnerability | Important |
| Windows Filtering Platform (WFP) | CVE-2026-32209 | Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability | Important |
| Windows GDI | CVE-2026-35421 | Windows GDI Remote Code Execution Vulnerability | Critical |
| Windows Hyper-V | CVE-2026-40402 | Windows Hyper-V Elevation of Privilege Vulnerability | Critical |
| Windows Internet Key Exchange (IKE) Protocol | CVE-2026-35424 | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | Important |
| Windows Kernel | CVE-2026-40369 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2026-33841 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2026-35420 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel-Mode Drivers | CVE-2026-34332 | Windows Kernel-Mode Driver Remote Code Execution Vulnerability | Important |
| Windows Kernel-Mode Drivers | CVE-2026-40408 | Windows WAN ARP Driver Elevation of Privilege Vulnerability | Important |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2026-34339 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important |
| Windows Link-Layer Discovery Protocol (LLDP) | CVE-2026-34341 | Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability | Important |
| Windows Message Queuing | CVE-2026-34329 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Important |
| Windows Message Queuing | CVE-2026-33838 | Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important |
| Windows Native WiFi Miniport Driver | CVE-2026-32161 | Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability | Critical |
| Windows Netlogon | CVE-2026-41089 | Windows Netlogon Remote Code Execution Vulnerability | Critical |
| Windows Print Spooler Components | CVE-2026-34342 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Projected File System | CVE-2026-34340 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows Remote Desktop | CVE-2026-40398 | Windows Remote Desktop Services Elevation of Privilege Vulnerability | Important |
| Windows Rich Text Edit | CVE-2026-21530 | Windows Rich Text Edit Elevation of Privilege Vulnerability | Important |
| Windows Rich Text Edit Control | CVE-2026-32170 | Windows Rich Text Edit Elevation of Privilege Vulnerability | Important |
| Windows Secure Boot | CVE-2026-41097 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows SMB Client | CVE-2026-40410 | Windows SMB Client Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2026-35415 | Windows Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
| Windows Storport Miniport Driver | CVE-2026-34350 | Windows Storport Miniport Driver Denial of Service Vulnerability | Important |
| Windows TCP/IP | CVE-2026-34351 | Windows TCP/IP Elevation of Privilege Vulnerability | Important |
| Windows TCP/IP | CVE-2026-33837 | Windows TCP/IP Local Elevation of Privilege Vulnerability | Important |
| Windows TCP/IP | CVE-2026-40406 | Windows TCP/IP Information Disclosure Vulnerability | Important |
| Windows TCP/IP | CVE-2026-40414 | Windows TCP/IP Denial of Service Vulnerability | Important |
| Windows TCP/IP | CVE-2026-34334 | Windows TCP/IP Elevation of Privilege Vulnerability | Important |
| Windows TCP/IP | CVE-2026-40399 | Windows TCP/IP Elevation of Privilege Vulnerability | Important |
| Windows TCP/IP | CVE-2026-35422 | Windows TCP/IP Driver Security Feature Bypass Vulnerability | Important |
| Windows TCP/IP | CVE-2026-40413 | Windows TCP/IP Denial of Service Vulnerability | Important |
| Windows TCP/IP | CVE-2026-40415 | Windows TCP/IP Remote Code Execution Vulnerability | Important |
| Windows TCP/IP | CVE-2026-40401 | Windows TCP/IP Denial of Service Vulnerability | Important |
| Windows TCP/IP | CVE-2026-40405 | Windows TCP/IP Denial of Service Vulnerability | Important |
| Windows Telephony Service | CVE-2026-40382 | Windows Telephony Service Elevation of Privilege Vulnerability | Important |
| Windows Telephony Service | CVE-2026-34338 | Windows Telephony Service Elevation of Privilege Vulnerability | Important |
| Windows Telephony Service | CVE-2026-42825 | Windows Telephony Service Elevation of Privilege Vulnerability | Important |
| Windows Volume Manager Extension Driver | CVE-2026-40380 | Windows Volume Manager Extension Driver Remote Code Execution Vulnerability | Important |
| Windows Win32K – GRFX | CVE-2026-33839 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K – GRFX | CVE-2026-40403 | Windows Graphics Component Remote Code Execution Vulnerability | Critical |
| Windows Win32K – GRFX | CVE-2026-34347 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K – GRFX | CVE-2026-34333 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K – GRFX | CVE-2026-34330 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K – GRFX | CVE-2026-34331 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K – ICOMP | CVE-2026-35417 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K – ICOMP | CVE-2026-33840 | Win32k Elevation of Privilege Vulnerability | Important |
