Back to overview

Threat intelligence

Microsoft Security Bulletin Coverage for May 2026

by Security News

Overview

Microsoft’s May 2026 Patch Tuesday has 132 vulnerabilities, of which 61 are elevation of privilege. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of May 2026 and has produced coverage for 13 reported vulnerabilities.

Vulnerabilities with Detections

CVE

CVE Title

Signature

CVE-2026-33835Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityASPY 7218 Exploit-exe exe.MP_521
CVE-2026-33837Windows TCP/IP Local Elevation of Privilege VulnerabilityASPY 7219 Exploit-exe exe.MP_522
CVE-2026-33840Win32k Elevation of Privilege VulnerabilityASPY 7220 Exploit-exe exe.MP_523
CVE-2026-33841Windows Kernel Elevation of Privilege VulnerabilityASPY 7221 Exploit-exe exe.MP_524
CVE-2026-35416Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityASPY 7222 Exploit-exe exe.MP_525
CVE-2026-35417Windows Win32k Elevation of Privilege VulnerabilityASPY 682 Exploit-exe exe.MP_519
CVE-2026-40361Microsoft Word Remote Code Execution VulnerabilityASPY 681 Malformed-rtf rtf.MP_42
CVE-2026-40364Microsoft Word Remote Code Execution VulnerabilityASPY 684 Malformed-rtf rtf.MP_43
CVE-2026-40369Windows Kernel Elevation of Privilege VulnerabilityASPY 680 Exploit-exe exe.MP_518
CVE-2026-40397Windows Common Log File System Driver Elevation of Privilege VulnerabilityASPY 683 Exploit-exe exe.MP_520
CVE-2026-40398Windows Remote Desktop Services Elevation of Privilege VulnerabilityASPY 679 Exploit-exe exe.MP_517
CVE-2026-41089Windows Netlogon Remote Code Execution VulnerabilityIPS 22165 Windows Netlogon Remote Code Execution (CVE-2026-41089)
CVE-2026-41103Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege VulnerabilityIPS 22164 Microsoft SSO Plugin for Jira & Confluence EoP (CVE-2026-41103)

Release Breakdown

The vulnerabilities can be classified into the following categories:

 

May_2026_chart_impact_1.png

 

May_2026_chart_severity_1.png

For May there are 31 critical and 101 important vulnerabilities.

 

May_2026_chart_Vul_count_1.pngMay_2026_chart_expl_dis_1.png

Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery and those that have been disclosed publicly before the patch Tuesday release for each month. The above chart displays these metrics as seen each month.

 

May_2026_chart_expl_assesment_1.png

Release Detailed Breakdown

Denial of Service Vulnerabilities

CVECVE Title
CVE-2026-34339Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
CVE-2026-34350Windows Storport Miniport Driver Denial of Service Vulnerability
CVE-2026-35424Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability
CVE-2026-40401Windows TCP/IP Denial of Service Vulnerability
CVE-2026-40405Windows TCP/IP Denial of Service Vulnerability
CVE-2026-40413Windows TCP/IP Denial of Service Vulnerability
CVE-2026-40414Windows TCP/IP Denial of Service Vulnerability
CVE-2026-42899ASP.NET Core Denial of Service Vulnerability

 

Elevation of Privilege Vulnerabilities

CVECVE Title
CVE-2026-21530Windows Rich Text Edit Elevation of Privilege Vulnerability
CVE-2026-32170Windows Rich Text Edit Elevation of Privilege Vulnerability
CVE-2026-32177.NET Elevation of Privilege Vulnerability
CVE-2026-32185Microsoft Teams Spoofing Vulnerability
CVE-2026-32204Azure Monitor Agent Elevation of Privilege Vulnerability
CVE-2026-33821Microsoft Dynamics 365 Customer Insights Elevation of Privilege Vulnerability
CVE-2026-33834Windows Event Logging Service Elevation of Privilege Vulnerability
CVE-2026-33835Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2026-33837Windows TCP/IP Local Elevation of Privilege Vulnerability
CVE-2026-33838Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability
CVE-2026-33839Win32k Elevation of Privilege Vulnerability
CVE-2026-33840Win32k Elevation of Privilege Vulnerability
CVE-2026-33841Windows Kernel Elevation of Privilege Vulnerability
CVE-2026-34330Win32k Elevation of Privilege Vulnerability
CVE-2026-34331Win32k Elevation of Privilege Vulnerability
CVE-2026-34333Windows Win32k Elevation of Privilege Vulnerability
CVE-2026-34334Windows TCP/IP Elevation of Privilege Vulnerability
CVE-2026-34337Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2026-34338Windows Telephony Service Elevation of Privilege Vulnerability
CVE-2026-34340Windows Projected File System Elevation of Privilege Vulnerability
CVE-2026-34341Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability
CVE-2026-34342Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2026-34343Windows Application Identity (AppID) Subsystem Elevation of Privilege Vulnerability
CVE-2026-34344Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-34345Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-34347Windows Win32k Elevation of Privilege Vulnerability
CVE-2026-34351Windows TCP/IP Elevation of Privilege Vulnerability
CVE-2026-35415Windows Storage Spaces Controller Elevation of Privilege Vulnerability
CVE-2026-35416Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-35417Windows Win32k Elevation of Privilege Vulnerability
CVE-2026-35418Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2026-35420Windows Kernel Elevation of Privilege Vulnerability
CVE-2026-35433.NET Elevation of Privilege Vulnerability
CVE-2026-35435Azure AI Foundry Elevation of Privilege Vulnerability
CVE-2026-35436Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
CVE-2026-35438Windows Admin Center Elevation of Privilege Vulnerability
CVE-2026-40369Windows Kernel Elevation of Privilege Vulnerability
CVE-2026-40377Microsoft Cryptographic Services Elevation of Privilege Vulnerability
CVE-2026-40381Azure Connected Machine Agent Elevation of Privilege Vulnerability
CVE-2026-40382Windows Telephony Service Elevation of Privilege Vulnerability
CVE-2026-40397Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2026-40398Windows Remote Desktop Services Elevation of Privilege Vulnerability
CVE-2026-40399Windows TCP/IP Elevation of Privilege Vulnerability
CVE-2026-40402Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2026-40407Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2026-40408Windows WAN ARP Driver Elevation of Privilege Vulnerability
CVE-2026-40410Windows SMB Client Elevation of Privilege Vulnerability
CVE-2026-40417Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
CVE-2026-40418Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
CVE-2026-40419Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
CVE-2026-40420Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
CVE-2026-41086Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability
CVE-2026-41088Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-41095Windows Projected File System Elevation of Privilege Vulnerability
CVE-2026-41103Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability
CVE-2026-41105Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability
CVE-2026-41613Visual Studio Code Elevation of Privilege Vulnerability
CVE-2026-42823Azure Logic Apps Elevation of Privilege Vulnerability
CVE-2026-42825Windows Telephony Service Elevation of Privilege Vulnerability
CVE-2026-42830Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability
CVE-2026-42896Windows DWM Core Library Elevation of Privilege Vulnerability

 

Information Disclosure Vulnerabilities

CVECVE Title
CVE-2026-26129M365 Copilot Information Disclosure Vulnerability
CVE-2026-26164M365 Copilot Information Disclosure Vulnerability
CVE-2026-33111Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability
CVE-2026-33823Microsoft Team Events Portal Information Disclosure Vulnerability
CVE-2026-34336Windows DWM Core Library Information Disclosure  Vulnerability
CVE-2026-35419Windows DWM Core Library Information Disclosure  Vulnerability
CVE-2026-35423Windows 11 Telnet Client Information Disclosure Vulnerability
CVE-2026-35440Microsoft Word Information Disclosure Vulnerability
CVE-2026-40360Microsoft Excel Information Disclosure Vulnerability
CVE-2026-40374Microsoft Power Automate Desktop Information Disclosure Vulnerability
CVE-2026-40406Windows TCP/IP Information Disclosure Vulnerability
CVE-2026-40421Microsoft Word Information Disclosure Vulnerability
CVE-2026-41612Visual Studio Code Information Disclosure Vulnerability
CVE-2026-42826Azure DevOps Information Disclosure Vulnerability

 

Remote Code Execution Vulnerabilities

CVECVE Title
CVE-2026-32161Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability
CVE-2026-33109Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability
CVE-2026-33110Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-33112Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-33844Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability
CVE-2026-34329Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVE-2026-34332Windows Kernel-Mode Driver Remote Code Execution Vulnerability
CVE-2026-35421Windows GDI Remote Code Execution Vulnerability
CVE-2026-35439Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-40357Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-40358Microsoft Office Remote Code Execution Vulnerability
CVE-2026-40359Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-40361Microsoft Word Remote Code Execution Vulnerability
CVE-2026-40362Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-40363Microsoft Office Remote Code Execution Vulnerability
CVE-2026-40364Microsoft Word Remote Code Execution Vulnerability
CVE-2026-40365Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-40366Microsoft Word Remote Code Execution Vulnerability
CVE-2026-40367Microsoft Word Remote Code Execution Vulnerability
CVE-2026-40368Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-40370SQL Server Remote Code Execution Vulnerability
CVE-2026-40380Windows Volume Manager Extension Driver Remote Code Execution Vulnerability
CVE-2026-40403Windows Graphics Component Remote Code Execution Vulnerability
CVE-2026-40415Windows TCP/IP Remote Code Execution Vulnerability
CVE-2026-41089Windows Netlogon Remote Code Execution Vulnerability
CVE-2026-41094Microsoft Data Formulator Remote Code Execution Vulnerability
CVE-2026-41096Windows DNS Client Remote Code Execution Vulnerability
CVE-2026-41611Visual Studio Code Remote Code Execution Vulnerability
CVE-2026-42831Office for Android Remote Code Execution Vulnerability
CVE-2026-42833Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
CVE-2026-42898Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

Security Feature Bypass Vulnerabilities

CVECVE Title
CVE-2026-32209Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability
CVE-2026-33117Azure SDK for Java Security Feature Bypass Vulnerability
CVE-2026-35422Windows TCP/IP Driver Security Feature Bypass Vulnerability
CVE-2026-41097Secure Boot Security Feature Bypass Vulnerability
CVE-2026-41109GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
CVE-2026-41610Visual Studio Code Security Feature Bypass Vulnerability

 

Spoofing Vulnerabilities

CVECVE Title
CVE-2026-32207Azure Machine Learning Notebook Spoofing Vulnerability
CVE-2026-33833Azure Machine Learning Notebook Spoofing Vulnerability
CVE-2026-34327Microsoft Partner Center Spoofing Vulnerability
CVE-2026-35428Azure Cloud Shell Spoofing Vulnerability
CVE-2026-40379Microsoft Enterprise Security Token Service (ESTS) Spoofing Vulnerability
CVE-2026-41100Microsoft 365 Copilot for Android Spoofing Vulnerability
CVE-2026-41101Microsoft Word for Android Spoofing Vulnerability
CVE-2026-41102Microsoft PowerPoint for Android Spoofing Vulnerability
CVE-2026-41614M365 Copilot for Desktop Spoofing Vulnerability
CVE-2026-42832Microsoft Office Spoofing Vulnerability

Tampering Vulnerability

CVECVE Title
CVE-2026-32175.NET Core Tampering Vulnerability
CVE-2026-42893Microsoft Outlook for iOS Tampering Vulnerability

 

 

 

 

 

Share This Article

An Article By

Security News

The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.

Related Articles

  • Nested Deserialization to RCE in Adobe Commerce & Magento (CVE-2025-54236)
    Read More
  • Command Injection in HuangDou UTCMS (CVE-2024-9916) Enables RCE
    Read More