{"vulnerability": "cve-2026-4289", "sightings": [{"uuid": "b2a5107f-dff1-4336-a439-20197c320cb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4289", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116245524273759419", "content": "", "creation_timestamp": "2026-03-17T16:45:36.720851Z"}, {"uuid": "afd65f20-2265-4af2-a350-528bd327585e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42899", "type": "seen", "source": "https://www.thezdi.com/blog/2026/5/12/the-may-2026-security-update-review", "content": "I\u2019m currently in Berlin helping set up for Pwn2Own Berlin, but that doesn\u2019t stop Patch Tuesday from coming, and it\u2019s another big one. At least nothing is listed as being in the wild \u2013 for now. Take a break from your regularly scheduled activities and let\u2019s take a look at the latest security patches from Adobe and Microsoft. Due to technical difficulties, there will not be a video companion for this month.\nAdobe Patches for May 2026\nFor May, Adobe released 10 bulletins addressing 52 unique CVEs in Adobe Commerce, After Effects, Adobe Connect, Illustrator, Media Encoder, Premiere Pro, Substance 3D Painter, Substance 3D Sampler, Content Authenticity SDK, and the Adobe Substance 3D Designer. Here\u2019s this month\u2019s overview table:\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n  \n  \n\n\n\n\n  \n    \n\n\n\n<colgroup>\n  <col />\n  <col />\n  <col />\n  <col />\n  <col />\n  <col />\n  <col />\n</colgroup>\n\n<tfoot>\n  \n</tfoot>\n\n\n  \n    Bulletin ID\n    Product\n    CVE Count\n    Highest Severity\n    Highest CVSS\n    Exploited\n    Deployment Priority\n  \n\n\n  \n    APSB26-49\n    Adobe Commerce\n    15\n    Critical\n    8.7\n    No\n    2\n  \n  \n    APSB26-48\n    Adobe After Effects\n    4\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-50\n    Adobe Connect\n    2\n    Critical\n    9.6\n    No\n    3\n  \n  \n    APSB26-51\n    Adobe Illustrator\n    4\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-47\n    Adobe Media Encoder\n    2\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-46\n    Adobe Premiere Pro\n    3\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-55\n    Adobe Substance 3D Painter\n    2\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-54\n    Adobe Substance 3D Sampler\n    1\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-53\n    Content Authenticity SDK\n    14\n    Critical\n    7.5\n    No\n    3\n  \n  \n    APSB26-52\n    Adobe Substance 3D Designer\n    5\n    Important\n    6.3\n    No\n    3\n  \n\n    TOTAL\n    10 bulletins\n    52\n    \n    \n    \n    \n  \n\n\n\n  \n\n\n\n\n  \nThe obvious priority this month is the patch for Commerce, with its 15 bugs and deployment priority of 2. The Connect fix should also rank up there since both of its CVEs are CVSS 9s. Beyond those, it\u2019s a pretty typical month for Adobe, with most of the bugs either being cross-site scripting (XSS) or open-and-own code executions.\nMicrosoft Patches for May 2026\nThis month, Microsoft released a whopping 138 new CVEs in Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, .NET and Visual Studio, Copilot Chat, Github Copilot, M365 Copilot, SQL Server, TCP/IP, and the Telnet Client \u2013 yes, the Telnet client. Two of these bugs were reported through the TrendAI ZDI program. 30 of these bugs are rated Critical, three are rated as Moderate, one is rated Low, and the rest are rated Important in severity.\nThis large volume of fixes follows the largest monthly release in Microsoft\u2019s history and reflects the trend across the industry of a high number of submissions. While not all of these bugs were found by AI, it\u2019s likely they had an AI-related component \u2013 even if it was just AI writing the submission. I should also point out the Pwn2Own Berlin occurs in just a few days, and it\u2019s typical for vendors to patch as much as they can before the event.\nNone of the bugs patched by Microsoft this month are listed as publicly known or under active attack at the time of release, so we\u2019ve got that going for us. Let\u2019s take a closer look at some of the more interesting updates for this month, starting with a nasty-looking bug in DNS:\n-    CVE-2026-41096 - Windows DNS Client Remote Code Execution VulnerabilityThis patch fixes a heap-based buffer overflow in the DNS Client triggered by a malicious DNS response. No authentication or user interaction needed, and since the DNS Client runs on virtually every Windows machine, the attack surface is enormous. An attacker with a position to influence DNS responses (MitM, rogue server) could achieve unauthenticated RCE across your enterprise.\n-    CVE-2026-41089 - Windows Netlogon Remote Code Execution VulnerabilityThis update covers another CVSS 9.8 bug, which is a stack-based buffer overflow that lets an unauthenticated remote attacker execute code on a domain controller by sending a specially crafted network request \u2014 no credentials, no user interaction required. Yup \u2013 that makes it wormable. This is the highest-impact bug that requires immediate patching: a compromised domain controller is a compromised domain.\n-    CVE-2026-42898 - Microsoft Dynamics 365 On-Premises Remote Code Execution VulnerabilityThis bug rates a CVSS 9.9(!) and represents a code injection in Dynamics 365. It allows any authenticated user to execute code with a scope change, meaning exploitation can break out and affect resources beyond the vulnerable component itself. Scope changes are pretty rare, so if you\u2019re running Dynamics 365 On-Prem, definitely test and deploy this patch quickly.\n-    CVE-2026-40415 - Windows TCP/IP Remote Code Execution VulnerabilityThis bug in the TCP/IP stack results from a use-after-free (UAF) and could allow a remote, unauthenticated threat actor to execute code without user interaction. That makes this another wormable bug. However, this one is much less likely to be exploited. The target needs to be under sustained low-memory (memory pressure) conditions, which is pretty rare. Still, no need to tempt fate here. Test and deploy this one quickly.\nHere\u2019s the full list of CVEs released by Microsoft for May 2026:\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n  \n  \n\n\n\n\n  \n    \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n <col width=\"144\" />\n <col width=\"256\" />\n <col span=\"5\" width=\"104\" />\n \n\n  CVE\n  Title\n  Severity\n  CVSS\n  Public\n  Exploited\n  Type\n \n \n  <span>CVE-2026-35435</span>\n  Azure AI Foundry\n  Elevation of Privilege Vulnerability\n  Critical\n  8.6\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35428</span>\n  Azure Cloud Shell\n  Spoofing Vulnerability\n  Critical\n  9.6\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-42826</span>\n  Azure DevOps\n  Information Disclosure Vulnerability\n  Critical\n  10\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-32207</span>\n  Azure Machine Learning\n  Notebook Spoofing Vulnerability\n  Critical\n  8.8\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-33109</span>\n  Azure Managed Instance\n  for Apache Cassandra Remote Code Execution Vulnerability\n  Critical\n  9.9\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-33844</span>\n  Azure Managed Instance\n  for Apache Cassandra Remote Code Execution Vulnerability\n  Critical\n  9\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41105</span>\n  Azure Monitor Action\n  Group Notification System Elevation of Privilege Vulnerability\n  Critical\n  8.1\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33111</span>\n  Copilot Chat\n  (Microsoft Edge) Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-26129</span>\n  M365 Copilot\n  Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-26164</span>\n  M365 Copilot\n  Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-33821</span>\n  Microsoft Dynamics 365\n  Customer Insights Elevation of Privilege Vulnerability\n  Critical\n  7.7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42898</span>\n  Microsoft Dynamics 365\n  On-Premises Remote Code Execution Vulnerability\n  Critical\n  9.9\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40379</span>\n  Microsoft Enterprise\n  Security Token Service (ESTS) Spoofing Vulnerability\n  Critical\n  9.3\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-40363</span>\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40358</span>\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-34327</span>\n  Microsoft Partner\n  Center Spoofing Vulnerability\n  Critical\n  8.2\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-40365</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41103</span>\n  Microsoft SSO Plugin\n  for Jira & Confluence Elevation of Privilege Vulnerability\n  Critical\n  9.1\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33823</span>\n  Microsoft Team Events\n  Portal Information Disclosure Vulnerability\n  Critical\n  9.6\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40364</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40366</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40361</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40367</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42831</span>\n  Office for Android\n  Remote Code Execution Vulnerability\n  Critical\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41096</span>\n  Windows DNS Client\n  Remote Code Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-35421</span>\n  Windows GDI Remote\n  Code Execution Vulnerability\n  Critical\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40403</span>\n  Windows Graphics\n  Component Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40402</span>\n  Windows Hyper-V\n  Elevation of Privilege Vulnerability\n  Critical\n  9.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-32161</span>\n  Windows Native WiFi\n  Miniport Driver Remote Code Execution Vulnerability\n  Critical\n  7.5\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41089</span>\n  Windows Netlogon\n  Remote Code Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-32175</span>\n  .NET Core Tampering\n  Vulnerability\n  Important\n  4.3\n  No\n  No\n  Tampering\n \n \n  <span>CVE-2026-32177</span>\n  .NET Elevation of\n  Privilege Vulnerability\n  Important\n  7.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35433</span>\n  .NET Elevation of\n  Privilege Vulnerability\n  Important\n  7.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2025-54518 *</span>\n  AMD: CVE-2025-54518\n  CPU OP Cache Corruption\n  Important\n  \n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42899</span>\n  ASP.NET Core Denial of\n  Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40381</span>\n  Azure Connected\n  Machine Agent Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42823 \u2020</span>\n  Azure Logic Apps\n  Elevation of Privilege Vulnerability\n  Important\n  9.9\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33833</span>\n  Azure Machine Learning\n  Notebook Spoofing Vulnerability\n  Important\n  8.2\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-32204</span>\n  Azure Monitor Agent\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42830</span>\n  Azure Monitor Agent\n  Metrics Extension Elevation of Privilege Vulnerability\n  Important\n  6.5\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33117</span>\n  Azure SDK for Java\n  Security Feature Bypass Vulnerability\n  Important\n  9.1\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-41109</span>\n  GitHub Copilot and\n  Visual Studio Code Security Feature Bypass Vulnerability\n  Important\n  8.8\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-35424</span>\n  Internet Key Exchange\n  (IKE) Protocol Denial of Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-41614</span>\n  M365 Copilot for\n  Desktop Spoofing Vulnerability\n  Important\n  6.2\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-41100</span>\n  Microsoft 365 Copilot\n  for Android Spoofing Vulnerability\n  Important\n  4.4\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-40377</span>\n  Microsoft\n  Cryptographic Services Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41094</span>\n  Microsoft Data\n  Formulator Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40417</span>\n  Microsoft Dynamics 365\n  Business Central Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42833</span>\n  Microsoft Dynamics 365\n  On-Premises Remote Code Execution Vulnerability\n  Important\n  9.1\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42838</span>\n  Microsoft Edge\n  (Chromium-based) Elevation of Privilege Vulnerability\n  Important\n  5.4\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40360</span>\n  Microsoft Excel\n  Information Disclosure Vulnerability\n  Important\n  7.8\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40359</span>\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40362</span>\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42832</span>\n  Microsoft Excel\n  Spoofing Vulnerability\n  Important\n  7.7\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-34329</span>\n  Microsoft Message\n  Queuing (MSMQ) Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40419</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40418</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35436</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40420</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42893</span>\n  Microsoft Outlook for\n  iOS Tampering Vulnerability\n  Important\n  7.4\n  No\n  No\n  Tampering\n \n \n  <span>CVE-2026-40374</span>\n  Microsoft Power\n  Automate Desktop Information Disclosure Vulnerability\n  Important\n  6.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-41102</span>\n  Microsoft PowerPoint\n  for Android Spoofing Vulnerability\n  Important\n  7.1\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-35439</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40368</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-33110</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-33112</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40357</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-32185</span>\n  Microsoft Teams\n  Spoofing Vulnerability\n  Important\n  5.5\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-41101</span>\n  Microsoft Word for\n  Android Spoofing Vulnerability\n  Important\n  7.1\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-35440</span>\n  Microsoft Word\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40421</span>\n  Microsoft Word\n  Information Disclosure Vulnerability\n  Important\n  4.3\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-41097</span>\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  6.7\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-40370 \u2020</span>\n  SQL Server Remote Code\n  Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41613</span>\n  Visual Studio Code\n  Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41612</span>\n  Visual Studio Code\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-41611</span>\n  Visual Studio Code\n  Remote Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41610</span>\n  Visual Studio Code\n  Security Feature Bypass Vulnerability\n  Important\n  6.3\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-33839</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33840</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34330</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34331</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35423</span>\n  Windows 11 Telnet\n  Client Information Disclosure Vulnerability\n  Important\n  5.4\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-35438</span>\n  Windows Admin Center\n  Elevation of Privilege Vulnerability\n  Important\n  8.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41086</span>\n  Windows Admin Center\n  in Azure Portal Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34344</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34345</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35416</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41088</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34343</span>\n  Windows Application\n  Identity (AppID) Subsystem Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35418</span>\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33835</span>\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34337</span>\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40407</span>\n  Windows Common Log\n  File System Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40397</span>\n  Windows Common Log\n  File System Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42896</span>\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35419</span>\n  Windows DWM Core\n  Library Information Disclosure<span> \n  </span>Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-34336</span>\n  Windows DWM Core\n  Library Information Disclosure<span> \n  </span>Vulnerability\n  Important\n  7.8\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-33834</span>\n  Windows Event Logging\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-32209</span>\n  Windows Filtering\n  Platform (WFP) Security Feature Bypass Vulnerability\n  Important\n  4.4\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-33841</span>\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35420</span>\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40369</span>\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34332</span>\n  Windows Kernel-Mode\n  Driver Remote Code Execution Vulnerability\n  Important\n  8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-34339</span>\n  Windows Lightweight\n  Directory Access Protocol (LDAP) Denial of Service Vulnerability\n  Important\n  5.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-34341</span>\n  Windows Link-Layer\n  Discovery Protocol (LLDP) Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33838</span>\n  Windows Message\n  Queuing (MSMQ) Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34342</span>\n  Windows Print Spooler\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41095</span>\n  Windows Projected File\n  System Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34340</span>\n  Windows Projected File\n  System Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40398</span>\n  Windows Remote Desktop\n  Services Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-21530</span>\n  Windows Rich Text Edit\n  Elevation of Privilege Vulnerability\n  Important\n  6.7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-32170</span>\n  Windows Rich Text Edit\n  Elevation of Privilege Vulnerability\n  Important\n  6.7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40410</span>\n  Windows SMB Client\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35415</span>\n  Windows Storage Spaces\n  Controller Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34350</span>\n  Windows Storport\n  Miniport Driver Denial of Service Vulnerability\n  Important\n  6.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40405</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40414</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.4\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40401</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  6.2\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40413</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.4\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-35422</span>\n  Windows TCP/IP Driver\n  Security Feature Bypass Vulnerability\n  Important\n  6.5\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-34351</span>\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40399</span>\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34334</span>\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40406</span>\n  Windows TCP/IP\n  Information Disclosure Vulnerability\n  Important\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-33837</span>\n  Windows TCP/IP Local\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40415</span>\n  Windows TCP/IP Remote\n  Code Execution Vulnerability\n  Important\n  8.1\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42825</span>\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34338</span>\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40382</span>\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40380</span>\n  Windows Volume Manager\n  Extension Driver Remote Code Execution Vulnerability\n  Important\n  6.2\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40408</span>\n  Windows WAN ARP Driver\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34333</span>\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34347</span>\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35417</span>\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42891</span>\n  Microsoft Edge\n  (Chromium-based) for Android Spoofing Vulnerability\n  Moderate\n  6.5\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-35429</span>\n  Microsoft Edge\n  (Chromium-based) for Android Spoofing Vulnerability\n  Moderate\n  4.3\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-41107</span>\n  Microsoft Edge\n  (Chromium-based) Information Disclosure Vulnerability\n  Moderate\n  7.4\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40416</span>\n  Microsoft\n  Edge (Chromium-based) for Android Spoofing Vulnerability\n  Low\n  4.3\n  No\n  No\n  Spoofing\n \n \n \n  \n  \n  \n  \n  \n  \n  \n \n \n\n\n\n\n\n\n\n\n\n\n\n\n  \n\n\n\n\n  \n* Indicates this CVE had been released by a third party and is now being included in Microsoft releases.\n\u2020 Indicates further administrative actions are required to fully address the vulnerability.\n \nLooking at the other Critical-rated bugs in this month\u2019s release, there are quite a few scary-looking bugs (including a CVSS 10!), but there\u2019s no action for the end user as Microsoft has already mitigated these bugs and is just now documenting them. There\u2019s also this month\u2019s crop of Office bugs where the Preview Pane is an attack vector. However, the bug in Office for Android does not have the Preview Pane vector; it\u2019s simple open and own. The bug in the WiFi driver needs a network adjacent attacker. The SharePoint bug requires authentication, but anyone with site privileges has the authentication needed. The bug in SSO Plugin for Jira & Confluence should really be called an authentication bypass, since it allows an unauthenticated attacker to gain access to a system.\nLooking at the other code execution bugs, most are of the open and own variety as expected. The bug in Dynamic 365 (On Prem) requires high privileges. The Message Queueing bug requires an adjacent attacker. The bug in SQL Server requires authentication, but as usual, patching won\u2019t be straightforward. Finally, there\u2019s a bug in the kernel that leads to code execution. Most kernel bugs are privilege escalations, but this one could allow code execution if an attacker sends specially crafted NVMe over Fabrics (NVMe\u2011oF) response messages during the connection handshake process that contains an invalid header length value. Neat.\nAs usual, the vast majority of the Microsoft release fixes Elevation of Privilege (EoP) bugs. Also as usual, most simply lead to local attackers executing their code at SYSTEM-level privileges or administrative privileges, so there\u2019s not much to add without further technical details about the bugs themselves. There are also a few bugs that just state the attacker could \u201cgain ELEVATED privileges.\u201d How obtuse. The bugs in Azure allow an attacker to access data otherwise hidden from them. The Edge bug allows threat actors to elevate to the privileges of the running application. The bug in Visual Studio allows attackers to get permissions associated with the MCP Server\u2019s managed identity. Finally, there are a couple of sandbox escapes, too, which are always useful.\nThis month's update includes six Security Feature Bypass vulnerabilities. The most severe is in the Azure SDK for Java (CVSS 9.1). An attacker over the network can bypass the integrity protection provided by authentication tags on encrypted data, effectively manipulating encrypted input in a way that slips past integrity checks during decryption.  Close behind is the bypass affecting the GitHub Copilot integration in Visual Studio Code (CWE-74). This one requires a user interaction, but it allows an attacker to circumvent the path validation safeguards that normally control which files Copilot is permitted to modify. The other Visual Studio Code bypass involves cross-site scripting, improper link resolution, and information exposure triggered when a user opens or views a maliciously crafted notebook.  On the Windows networking side there are two bypasses. The first hits the Windows TCP/IP driver via an authentication bypass using an alternate channel. The other impacts the Windows Filtering Platform through improper access control, allowing a local, low-privileged attacker to bypass FQDN-based network security rules. Finally, there\u2019s a Secure Boot bypass that, you guessed it, bypasses secure boot features.\nMoving on to the Information Disclosure bugs fixed this month, we have 15 different CVEs. As usual, the majority of these simply result in info leaks consisting of unspecified memory contents or memory addresses. The bug in Power Automate could expose data marked \u201cSensitive\u201d within Power Automate Desktop flows. One of the Word bugs could disclose NLTM hashes. The bug in Edge could disclose your cookies, which seems rude. The bug in Visual Studio could expose file path information. Finally, there\u2019s a bug in Telnet for Windows 11 that leaks information being used by Telnet at the time. I didn\u2019t even realize Windows 11 still had a telnet client.\nThe May release contains 10 spoofing bugs (plus the ones already addressed by Microsoft). The bug in Azure Machine Learning Notebooks vulnerability requires user interaction, but it could expose info through the Azure ML web interface to the attacker. There\u2019s a cluster of fixes for Microsoft's mobile Office suite on Android. Excel, Word, and PowerPoint for Android all carry spoofing flaws rooted in improper access control. Two Copilot products are also affected by spoofing vulns. The M365 Copilot for Desktop has no details provided. The M365 Copilot for Android variant requires low privileges and producing only limited impact on confidentiality and integrity. Microsoft Teams for Android rounds out the mobile app spoofing bugs. Three Edge bugs close things out, all involving misrepresentation of information in the browser UI. \nThere are two Tampering bugs in this month\u2019s release. The one in .NET Core allows threat actors to write files to an affected system. The other is in Outlook for iOS and manifests as a command injection bug.\nThere are eight DoS bugs in the May release, but as always, Microsoft provides little to no actionable information about the vulnerabilities. The most interesting from a practical standpoint are two TCP/IP bugs that allow a low-privilege Hyper-V guest to crash the host. Both are triggered from the adjacent network. On the broader network-exposure side, the ASP.NET Core bug is a straightforward infinite loop condition \u2014 an unauthenticated attacker sends a crafted request over the network and the server stops responding.\nNo new advisories are being released this month.\nLooking Ahead\nAssuming I survive Pwn2Own Berlin (which is looking iffy at the moment), I\u2019ll return on June 9th on what will hopefully be a smaller release than this one. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!", "creation_timestamp": "2026-05-12T16:38:43.000000Z"}, {"uuid": "f3e4e00a-e1f6-4dfd-aa55-93b4daf09160", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42891", "type": "seen", "source": "https://www.thezdi.com/blog/2026/5/12/the-may-2026-security-update-review", "content": "I\u2019m currently in Berlin helping set up for Pwn2Own Berlin, but that doesn\u2019t stop Patch Tuesday from coming, and it\u2019s another big one. At least nothing is listed as being in the wild \u2013 for now. Take a break from your regularly scheduled activities and let\u2019s take a look at the latest security patches from Adobe and Microsoft. Due to technical difficulties, there will not be a video companion for this month.\nAdobe Patches for May 2026\nFor May, Adobe released 10 bulletins addressing 52 unique CVEs in Adobe Commerce, After Effects, Adobe Connect, Illustrator, Media Encoder, Premiere Pro, Substance 3D Painter, Substance 3D Sampler, Content Authenticity SDK, and the Adobe Substance 3D Designer. Here\u2019s this month\u2019s overview table:\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n  \n  \n\n\n\n\n  \n    \n\n\n\n<colgroup>\n  <col />\n  <col />\n  <col />\n  <col />\n  <col />\n  <col />\n  <col />\n</colgroup>\n\n<tfoot>\n  \n</tfoot>\n\n\n  \n    Bulletin ID\n    Product\n    CVE Count\n    Highest Severity\n    Highest CVSS\n    Exploited\n    Deployment Priority\n  \n\n\n  \n    APSB26-49\n    Adobe Commerce\n    15\n    Critical\n    8.7\n    No\n    2\n  \n  \n    APSB26-48\n    Adobe After Effects\n    4\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-50\n    Adobe Connect\n    2\n    Critical\n    9.6\n    No\n    3\n  \n  \n    APSB26-51\n    Adobe Illustrator\n    4\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-47\n    Adobe Media Encoder\n    2\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-46\n    Adobe Premiere Pro\n    3\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-55\n    Adobe Substance 3D Painter\n    2\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-54\n    Adobe Substance 3D Sampler\n    1\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-53\n    Content Authenticity SDK\n    14\n    Critical\n    7.5\n    No\n    3\n  \n  \n    APSB26-52\n    Adobe Substance 3D Designer\n    5\n    Important\n    6.3\n    No\n    3\n  \n\n    TOTAL\n    10 bulletins\n    52\n    \n    \n    \n    \n  \n\n\n\n  \n\n\n\n\n  \nThe obvious priority this month is the patch for Commerce, with its 15 bugs and deployment priority of 2. The Connect fix should also rank up there since both of its CVEs are CVSS 9s. Beyond those, it\u2019s a pretty typical month for Adobe, with most of the bugs either being cross-site scripting (XSS) or open-and-own code executions.\nMicrosoft Patches for May 2026\nThis month, Microsoft released a whopping 138 new CVEs in Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, .NET and Visual Studio, Copilot Chat, Github Copilot, M365 Copilot, SQL Server, TCP/IP, and the Telnet Client \u2013 yes, the Telnet client. Two of these bugs were reported through the TrendAI ZDI program. 30 of these bugs are rated Critical, three are rated as Moderate, one is rated Low, and the rest are rated Important in severity.\nThis large volume of fixes follows the largest monthly release in Microsoft\u2019s history and reflects the trend across the industry of a high number of submissions. While not all of these bugs were found by AI, it\u2019s likely they had an AI-related component \u2013 even if it was just AI writing the submission. I should also point out the Pwn2Own Berlin occurs in just a few days, and it\u2019s typical for vendors to patch as much as they can before the event.\nNone of the bugs patched by Microsoft this month are listed as publicly known or under active attack at the time of release, so we\u2019ve got that going for us. Let\u2019s take a closer look at some of the more interesting updates for this month, starting with a nasty-looking bug in DNS:\n-    CVE-2026-41096 - Windows DNS Client Remote Code Execution VulnerabilityThis patch fixes a heap-based buffer overflow in the DNS Client triggered by a malicious DNS response. No authentication or user interaction needed, and since the DNS Client runs on virtually every Windows machine, the attack surface is enormous. An attacker with a position to influence DNS responses (MitM, rogue server) could achieve unauthenticated RCE across your enterprise.\n-    CVE-2026-41089 - Windows Netlogon Remote Code Execution VulnerabilityThis update covers another CVSS 9.8 bug, which is a stack-based buffer overflow that lets an unauthenticated remote attacker execute code on a domain controller by sending a specially crafted network request \u2014 no credentials, no user interaction required. Yup \u2013 that makes it wormable. This is the highest-impact bug that requires immediate patching: a compromised domain controller is a compromised domain.\n-    CVE-2026-42898 - Microsoft Dynamics 365 On-Premises Remote Code Execution VulnerabilityThis bug rates a CVSS 9.9(!) and represents a code injection in Dynamics 365. It allows any authenticated user to execute code with a scope change, meaning exploitation can break out and affect resources beyond the vulnerable component itself. Scope changes are pretty rare, so if you\u2019re running Dynamics 365 On-Prem, definitely test and deploy this patch quickly.\n-    CVE-2026-40415 - Windows TCP/IP Remote Code Execution VulnerabilityThis bug in the TCP/IP stack results from a use-after-free (UAF) and could allow a remote, unauthenticated threat actor to execute code without user interaction. That makes this another wormable bug. However, this one is much less likely to be exploited. The target needs to be under sustained low-memory (memory pressure) conditions, which is pretty rare. Still, no need to tempt fate here. Test and deploy this one quickly.\nHere\u2019s the full list of CVEs released by Microsoft for May 2026:\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n  \n  \n\n\n\n\n  \n    \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n <col width=\"144\" />\n <col width=\"256\" />\n <col span=\"5\" width=\"104\" />\n \n\n  CVE\n  Title\n  Severity\n  CVSS\n  Public\n  Exploited\n  Type\n \n \n  <span>CVE-2026-35435</span>\n  Azure AI Foundry\n  Elevation of Privilege Vulnerability\n  Critical\n  8.6\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35428</span>\n  Azure Cloud Shell\n  Spoofing Vulnerability\n  Critical\n  9.6\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-42826</span>\n  Azure DevOps\n  Information Disclosure Vulnerability\n  Critical\n  10\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-32207</span>\n  Azure Machine Learning\n  Notebook Spoofing Vulnerability\n  Critical\n  8.8\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-33109</span>\n  Azure Managed Instance\n  for Apache Cassandra Remote Code Execution Vulnerability\n  Critical\n  9.9\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-33844</span>\n  Azure Managed Instance\n  for Apache Cassandra Remote Code Execution Vulnerability\n  Critical\n  9\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41105</span>\n  Azure Monitor Action\n  Group Notification System Elevation of Privilege Vulnerability\n  Critical\n  8.1\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33111</span>\n  Copilot Chat\n  (Microsoft Edge) Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-26129</span>\n  M365 Copilot\n  Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-26164</span>\n  M365 Copilot\n  Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-33821</span>\n  Microsoft Dynamics 365\n  Customer Insights Elevation of Privilege Vulnerability\n  Critical\n  7.7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42898</span>\n  Microsoft Dynamics 365\n  On-Premises Remote Code Execution Vulnerability\n  Critical\n  9.9\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40379</span>\n  Microsoft Enterprise\n  Security Token Service (ESTS) Spoofing Vulnerability\n  Critical\n  9.3\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-40363</span>\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40358</span>\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-34327</span>\n  Microsoft Partner\n  Center Spoofing Vulnerability\n  Critical\n  8.2\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-40365</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41103</span>\n  Microsoft SSO Plugin\n  for Jira & Confluence Elevation of Privilege Vulnerability\n  Critical\n  9.1\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33823</span>\n  Microsoft Team Events\n  Portal Information Disclosure Vulnerability\n  Critical\n  9.6\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40364</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40366</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40361</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40367</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42831</span>\n  Office for Android\n  Remote Code Execution Vulnerability\n  Critical\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41096</span>\n  Windows DNS Client\n  Remote Code Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-35421</span>\n  Windows GDI Remote\n  Code Execution Vulnerability\n  Critical\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40403</span>\n  Windows Graphics\n  Component Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40402</span>\n  Windows Hyper-V\n  Elevation of Privilege Vulnerability\n  Critical\n  9.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-32161</span>\n  Windows Native WiFi\n  Miniport Driver Remote Code Execution Vulnerability\n  Critical\n  7.5\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41089</span>\n  Windows Netlogon\n  Remote Code Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-32175</span>\n  .NET Core Tampering\n  Vulnerability\n  Important\n  4.3\n  No\n  No\n  Tampering\n \n \n  <span>CVE-2026-32177</span>\n  .NET Elevation of\n  Privilege Vulnerability\n  Important\n  7.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35433</span>\n  .NET Elevation of\n  Privilege Vulnerability\n  Important\n  7.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2025-54518 *</span>\n  AMD: CVE-2025-54518\n  CPU OP Cache Corruption\n  Important\n  \n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42899</span>\n  ASP.NET Core Denial of\n  Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40381</span>\n  Azure Connected\n  Machine Agent Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42823 \u2020</span>\n  Azure Logic Apps\n  Elevation of Privilege Vulnerability\n  Important\n  9.9\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33833</span>\n  Azure Machine Learning\n  Notebook Spoofing Vulnerability\n  Important\n  8.2\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-32204</span>\n  Azure Monitor Agent\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42830</span>\n  Azure Monitor Agent\n  Metrics Extension Elevation of Privilege Vulnerability\n  Important\n  6.5\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33117</span>\n  Azure SDK for Java\n  Security Feature Bypass Vulnerability\n  Important\n  9.1\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-41109</span>\n  GitHub Copilot and\n  Visual Studio Code Security Feature Bypass Vulnerability\n  Important\n  8.8\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-35424</span>\n  Internet Key Exchange\n  (IKE) Protocol Denial of Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-41614</span>\n  M365 Copilot for\n  Desktop Spoofing Vulnerability\n  Important\n  6.2\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-41100</span>\n  Microsoft 365 Copilot\n  for Android Spoofing Vulnerability\n  Important\n  4.4\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-40377</span>\n  Microsoft\n  Cryptographic Services Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41094</span>\n  Microsoft Data\n  Formulator Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40417</span>\n  Microsoft Dynamics 365\n  Business Central Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42833</span>\n  Microsoft Dynamics 365\n  On-Premises Remote Code Execution Vulnerability\n  Important\n  9.1\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42838</span>\n  Microsoft Edge\n  (Chromium-based) Elevation of Privilege Vulnerability\n  Important\n  5.4\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40360</span>\n  Microsoft Excel\n  Information Disclosure Vulnerability\n  Important\n  7.8\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40359</span>\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40362</span>\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42832</span>\n  Microsoft Excel\n  Spoofing Vulnerability\n  Important\n  7.7\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-34329</span>\n  Microsoft Message\n  Queuing (MSMQ) Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40419</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40418</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35436</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40420</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42893</span>\n  Microsoft Outlook for\n  iOS Tampering Vulnerability\n  Important\n  7.4\n  No\n  No\n  Tampering\n \n \n  <span>CVE-2026-40374</span>\n  Microsoft Power\n  Automate Desktop Information Disclosure Vulnerability\n  Important\n  6.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-41102</span>\n  Microsoft PowerPoint\n  for Android Spoofing Vulnerability\n  Important\n  7.1\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-35439</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40368</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-33110</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-33112</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40357</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-32185</span>\n  Microsoft Teams\n  Spoofing Vulnerability\n  Important\n  5.5\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-41101</span>\n  Microsoft Word for\n  Android Spoofing Vulnerability\n  Important\n  7.1\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-35440</span>\n  Microsoft Word\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40421</span>\n  Microsoft Word\n  Information Disclosure Vulnerability\n  Important\n  4.3\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-41097</span>\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  6.7\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-40370 \u2020</span>\n  SQL Server Remote Code\n  Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41613</span>\n  Visual Studio Code\n  Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41612</span>\n  Visual Studio Code\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-41611</span>\n  Visual Studio Code\n  Remote Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41610</span>\n  Visual Studio Code\n  Security Feature Bypass Vulnerability\n  Important\n  6.3\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-33839</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33840</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34330</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34331</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35423</span>\n  Windows 11 Telnet\n  Client Information Disclosure Vulnerability\n  Important\n  5.4\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-35438</span>\n  Windows Admin Center\n  Elevation of Privilege Vulnerability\n  Important\n  8.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41086</span>\n  Windows Admin Center\n  in Azure Portal Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34344</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34345</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35416</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41088</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34343</span>\n  Windows Application\n  Identity (AppID) Subsystem Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35418</span>\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33835</span>\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34337</span>\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40407</span>\n  Windows Common Log\n  File System Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40397</span>\n  Windows Common Log\n  File System Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42896</span>\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35419</span>\n  Windows DWM Core\n  Library Information Disclosure<span> \n  </span>Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-34336</span>\n  Windows DWM Core\n  Library Information Disclosure<span> \n  </span>Vulnerability\n  Important\n  7.8\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-33834</span>\n  Windows Event Logging\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-32209</span>\n  Windows Filtering\n  Platform (WFP) Security Feature Bypass Vulnerability\n  Important\n  4.4\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-33841</span>\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35420</span>\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40369</span>\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34332</span>\n  Windows Kernel-Mode\n  Driver Remote Code Execution Vulnerability\n  Important\n  8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-34339</span>\n  Windows Lightweight\n  Directory Access Protocol (LDAP) Denial of Service Vulnerability\n  Important\n  5.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-34341</span>\n  Windows Link-Layer\n  Discovery Protocol (LLDP) Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33838</span>\n  Windows Message\n  Queuing (MSMQ) Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34342</span>\n  Windows Print Spooler\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41095</span>\n  Windows Projected File\n  System Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34340</span>\n  Windows Projected File\n  System Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40398</span>\n  Windows Remote Desktop\n  Services Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-21530</span>\n  Windows Rich Text Edit\n  Elevation of Privilege Vulnerability\n  Important\n  6.7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-32170</span>\n  Windows Rich Text Edit\n  Elevation of Privilege Vulnerability\n  Important\n  6.7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40410</span>\n  Windows SMB Client\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35415</span>\n  Windows Storage Spaces\n  Controller Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34350</span>\n  Windows Storport\n  Miniport Driver Denial of Service Vulnerability\n  Important\n  6.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40405</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40414</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.4\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40401</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  6.2\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40413</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.4\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-35422</span>\n  Windows TCP/IP Driver\n  Security Feature Bypass Vulnerability\n  Important\n  6.5\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-34351</span>\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40399</span>\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34334</span>\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40406</span>\n  Windows TCP/IP\n  Information Disclosure Vulnerability\n  Important\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-33837</span>\n  Windows TCP/IP Local\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40415</span>\n  Windows TCP/IP Remote\n  Code Execution Vulnerability\n  Important\n  8.1\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42825</span>\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34338</span>\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40382</span>\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40380</span>\n  Windows Volume Manager\n  Extension Driver Remote Code Execution Vulnerability\n  Important\n  6.2\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40408</span>\n  Windows WAN ARP Driver\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34333</span>\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34347</span>\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35417</span>\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42891</span>\n  Microsoft Edge\n  (Chromium-based) for Android Spoofing Vulnerability\n  Moderate\n  6.5\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-35429</span>\n  Microsoft Edge\n  (Chromium-based) for Android Spoofing Vulnerability\n  Moderate\n  4.3\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-41107</span>\n  Microsoft Edge\n  (Chromium-based) Information Disclosure Vulnerability\n  Moderate\n  7.4\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40416</span>\n  Microsoft\n  Edge (Chromium-based) for Android Spoofing Vulnerability\n  Low\n  4.3\n  No\n  No\n  Spoofing\n \n \n \n  \n  \n  \n  \n  \n  \n  \n \n \n\n\n\n\n\n\n\n\n\n\n\n\n  \n\n\n\n\n  \n* Indicates this CVE had been released by a third party and is now being included in Microsoft releases.\n\u2020 Indicates further administrative actions are required to fully address the vulnerability.\n \nLooking at the other Critical-rated bugs in this month\u2019s release, there are quite a few scary-looking bugs (including a CVSS 10!), but there\u2019s no action for the end user as Microsoft has already mitigated these bugs and is just now documenting them. There\u2019s also this month\u2019s crop of Office bugs where the Preview Pane is an attack vector. However, the bug in Office for Android does not have the Preview Pane vector; it\u2019s simple open and own. The bug in the WiFi driver needs a network adjacent attacker. The SharePoint bug requires authentication, but anyone with site privileges has the authentication needed. The bug in SSO Plugin for Jira & Confluence should really be called an authentication bypass, since it allows an unauthenticated attacker to gain access to a system.\nLooking at the other code execution bugs, most are of the open and own variety as expected. The bug in Dynamic 365 (On Prem) requires high privileges. The Message Queueing bug requires an adjacent attacker. The bug in SQL Server requires authentication, but as usual, patching won\u2019t be straightforward. Finally, there\u2019s a bug in the kernel that leads to code execution. Most kernel bugs are privilege escalations, but this one could allow code execution if an attacker sends specially crafted NVMe over Fabrics (NVMe\u2011oF) response messages during the connection handshake process that contains an invalid header length value. Neat.\nAs usual, the vast majority of the Microsoft release fixes Elevation of Privilege (EoP) bugs. Also as usual, most simply lead to local attackers executing their code at SYSTEM-level privileges or administrative privileges, so there\u2019s not much to add without further technical details about the bugs themselves. There are also a few bugs that just state the attacker could \u201cgain ELEVATED privileges.\u201d How obtuse. The bugs in Azure allow an attacker to access data otherwise hidden from them. The Edge bug allows threat actors to elevate to the privileges of the running application. The bug in Visual Studio allows attackers to get permissions associated with the MCP Server\u2019s managed identity. Finally, there are a couple of sandbox escapes, too, which are always useful.\nThis month's update includes six Security Feature Bypass vulnerabilities. The most severe is in the Azure SDK for Java (CVSS 9.1). An attacker over the network can bypass the integrity protection provided by authentication tags on encrypted data, effectively manipulating encrypted input in a way that slips past integrity checks during decryption.  Close behind is the bypass affecting the GitHub Copilot integration in Visual Studio Code (CWE-74). This one requires a user interaction, but it allows an attacker to circumvent the path validation safeguards that normally control which files Copilot is permitted to modify. The other Visual Studio Code bypass involves cross-site scripting, improper link resolution, and information exposure triggered when a user opens or views a maliciously crafted notebook.  On the Windows networking side there are two bypasses. The first hits the Windows TCP/IP driver via an authentication bypass using an alternate channel. The other impacts the Windows Filtering Platform through improper access control, allowing a local, low-privileged attacker to bypass FQDN-based network security rules. Finally, there\u2019s a Secure Boot bypass that, you guessed it, bypasses secure boot features.\nMoving on to the Information Disclosure bugs fixed this month, we have 15 different CVEs. As usual, the majority of these simply result in info leaks consisting of unspecified memory contents or memory addresses. The bug in Power Automate could expose data marked \u201cSensitive\u201d within Power Automate Desktop flows. One of the Word bugs could disclose NLTM hashes. The bug in Edge could disclose your cookies, which seems rude. The bug in Visual Studio could expose file path information. Finally, there\u2019s a bug in Telnet for Windows 11 that leaks information being used by Telnet at the time. I didn\u2019t even realize Windows 11 still had a telnet client.\nThe May release contains 10 spoofing bugs (plus the ones already addressed by Microsoft). The bug in Azure Machine Learning Notebooks vulnerability requires user interaction, but it could expose info through the Azure ML web interface to the attacker. There\u2019s a cluster of fixes for Microsoft's mobile Office suite on Android. Excel, Word, and PowerPoint for Android all carry spoofing flaws rooted in improper access control. Two Copilot products are also affected by spoofing vulns. The M365 Copilot for Desktop has no details provided. The M365 Copilot for Android variant requires low privileges and producing only limited impact on confidentiality and integrity. Microsoft Teams for Android rounds out the mobile app spoofing bugs. Three Edge bugs close things out, all involving misrepresentation of information in the browser UI. \nThere are two Tampering bugs in this month\u2019s release. The one in .NET Core allows threat actors to write files to an affected system. The other is in Outlook for iOS and manifests as a command injection bug.\nThere are eight DoS bugs in the May release, but as always, Microsoft provides little to no actionable information about the vulnerabilities. The most interesting from a practical standpoint are two TCP/IP bugs that allow a low-privilege Hyper-V guest to crash the host. Both are triggered from the adjacent network. On the broader network-exposure side, the ASP.NET Core bug is a straightforward infinite loop condition \u2014 an unauthenticated attacker sends a crafted request over the network and the server stops responding.\nNo new advisories are being released this month.\nLooking Ahead\nAssuming I survive Pwn2Own Berlin (which is looking iffy at the moment), I\u2019ll return on June 9th on what will hopefully be a smaller release than this one. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!", "creation_timestamp": "2026-05-12T16:38:43.000000Z"}, {"uuid": "25f22919-356c-4b3e-ad8b-57effc17f673", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42893", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0144", "content": "Microsoft heeft kwetsbaarheden verholpen in diverse Office producten. Een kwaadwillende kan de kwetsbaarheden misbruiken om zich voor te doen als andere gebruiker, of willekeurige code uit te voeren met rechten van het slachtoffer en mogelijk toegang te krijgen tot gevoelige gegevens in de context van het slachtoffer.\n\nVoor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malafide bestand te openen of link te volgen.\n\nDe kwetsbaarheid met kenmerk CVE-2026-33823 is reeds door Microsoft centraal verholpen en slechts toegevoegd ter informatie. Er zijn geen verdere acties benodigd voor deze kwetsbaarheid.\n\n```\nMicrosoft Teams: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-32185 | 5.50 | Voordoen als andere gebruiker       | \n| CVE-2026-33823 | 9.60 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office PowerPoint: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-41102 | 7.10 | Voordoen als andere gebruiker       | \n|----------------|------|-------------------------------------|\n\nM365 Copilot: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42893 | 7.40 |                 | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office Word: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35440 | 5.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-40364 | 8.40 | Uitvoeren van willekeurige code     | \n| CVE-2026-40366 | 8.40 | Uitvoeren van willekeurige code     | \n| CVE-2026-40421 | 4.30 | Toegang tot gevoelige gegevens      | \n| CVE-2026-40361 | 8.40 | Uitvoeren van willekeurige code     | \n| CVE-2026-40367 | 8.40 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nOffice for Android: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42831 | 7.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40363 | 8.40 | Uitvoeren van willekeurige code     | \n| CVE-2026-40419 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-40358 | 8.40 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office SharePoint: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35439 | 8.80 | Uitvoeren van willekeurige code     | \n| CVE-2026-40368 | 8.00 | Uitvoeren van willekeurige code     | \n| CVE-2026-33110 | 8.80 | Uitvoeren van willekeurige code     | \n| CVE-2026-33112 | 8.80 | Uitvoeren van willekeurige code     | \n| CVE-2026-40357 | 8.80 | Uitvoeren van willekeurige code     | \n| CVE-2026-40365 | 8.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office Excel: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40360 | 7.80 | Toegang tot gevoelige gegevens      | \n| CVE-2026-40359 | 7.80 | Uitvoeren van willekeurige code     | \n| CVE-2026-40362 | 7.80 | Uitvoeren van willekeurige code     | \n| CVE-2026-42832 | 7.70 | Voordoen als andere gebruiker       | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office Click-To-Run: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40418 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-35436 | 8.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-40420 | 8.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n```", "creation_timestamp": "2026-05-12T15:53:28.000000Z"}, {"uuid": "94d11f5d-fc59-4ca6-91ac-220c3eb87889", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42899", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0143", "content": "Microsoft heeft kwetsbaarheden verholpen in diverse Developer Tools. Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Omzeilen van een beveiligingsmaatregel\n- Uitvoeren van willekeurige code (gebruikersrechten)\n- Toegang tot gevoelige gegevens\n\nDe kwetsbaarheid met kenmerk CVE-2026-42826 is centraal verholpen door Microsoft en slechts toegevoegd ter informatie. Er zijn hiervoor geen verdere acties benodigd.\n\n```\nAzure DevOps: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42826 | 10.00 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nVisual Studio Code: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-41610 | 6.30 | Omzeilen van beveiligingsmaatregel  | \n| CVE-2026-41611 | 7.80 | Uitvoeren van willekeurige code     | \n| CVE-2026-41612 | 5.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-41613 | 8.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nMicrosoft Data Formulator: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-41094 | 8.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nASP.NET Core: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42899 | 7.50 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\n.NET: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-32177 | 7.30 | Denial-of-Service                   | \n| CVE-2026-35433 | 7.30 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-32175 | 4.30 |                 | \n|----------------|------|-------------------------------------|\n\nGitHub Copilot and Visual Studio: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-41109 | 8.80 | Omzeilen van beveiligingsmaatregel  | \n|----------------|------|-------------------------------------|\n```", "creation_timestamp": "2026-05-12T15:53:17.000000Z"}, {"uuid": "3d626e13-c283-423f-928f-2fb1792c23d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42896", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0141", "content": "Microsoft heeft kwetsbaarheden verholpen in Windows. Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Uitvoeren van willekeurige code (root/admin-rechten)\n- Uitvoeren van willekeurige code (gebruikersrechten)\n- Verkrijgen van verhoogde rechten\n- Omzeilen van een beveiligingsmaatregel\n- Toegang tot gevoelige gegevens\n\nDe ernstigste kwetsbaarheden hebben kenmerken CVE-2026-40402, CVE-2026-41089 en CVE-2026-41096 toegewezen gekregen en bevinden zich respectievelijk in Hyper-V, NETLOGON en de DNS Client. De kwetsbaarheid in Hyper-V stelt een geauthenticeerde kwaadwillende in staat om uit de Guest-VM te breken en toegang te krijgen tot geheugen van de host en mogelijk willekeurige code uit te voeren op de host. De kwetsbaarheden in NETLOGON en de DNS Client stellen een ongeauthenticeerde kwaadwillende op afstand in staat om willekeurige code uit te voeren op het kwetsbare systeem.\n\n**Met name Domain Controllers die toegankelijk zijn vanaf externe netwerken lopen een hoog risico voor actief misbruik van de kwetsbaarheid in NETLOGON.**\n\nHet verdient altijd aanbeveling om een systeem met de rol van Domain Controller niet publiek toegankelijk te hebben en, indien dit noodzakelijk is, additionele maatregelen te hebben genomen.\n\n```\nWindows Projected File System: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34340 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Application Identity (AppID) Subsystem: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34343 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nUndisclosed: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-41095 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Remote Desktop: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40398 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nMicrosoft Windows DNS: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-41096 | 9.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Ancillary Function Driver for WinSock: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34344 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34345 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-35416 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-41088 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Kernel: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-33841 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-35420 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-40369 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Secure Boot: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-41097 | 6.70 | Omzeilen van beveiligingsmaatregel  | \n|----------------|------|-------------------------------------|\n\nWindows Native WiFi Miniport Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-32161 | 7.50 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Kernel-Mode Drivers: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40408 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34332 | 8.00 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nTelnet Client: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35423 | 5.40 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nWindows Print Spooler Components: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34342 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows SMB Client: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40410 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Storage Spaces Controller: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35415 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Filtering Platform (WFP): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-32209 | 4.40 | Omzeilen van beveiligingsmaatregel  | \n|----------------|------|-------------------------------------|\n\nWindows Volume Manager Extension Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40380 | 6.20 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Cryptographic Services: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40377 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Win32K - GRFX: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-33839 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34330 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34331 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34333 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34347 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-40403 | 8.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Admin Center: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35438 | 8.30 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Hyper-V: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40402 | 9.30 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Rich Text Edit Control: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-32170 | 6.70 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Event Logging Service: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-33834 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Internet Key Exchange (IKE) Protocol: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35424 | 7.50 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\nWindows Netlogon: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-41089 | 9.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Storport Miniport Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34350 | 6.50 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\nWindows Common Log File System Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40407 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-40397 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Cloud Files Mini Filter Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35418 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-33835 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34337 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Win32K - ICOMP: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-33840 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-35417 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows GDI: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35421 | 7.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Rich Text Edit: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-21530 | 6.70 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows TCP/IP: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34351 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-35422 | 6.50 | Omzeilen van beveiligingsmaatregel  | \n| CVE-2026-40399 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-40405 | 7.50 | Denial-of-Service                   | \n| CVE-2026-40406 | 7.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-40414 | 7.40 | Denial-of-Service                   | \n| CVE-2026-40415 | 8.10 | Uitvoeren van willekeurige code     | \n| CVE-2026-33837 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34334 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-40401 | 6.20 | Denial-of-Service                   | \n| CVE-2026-40413 | 7.40 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\nWindows LDAP - Lightweight Directory Access Protocol: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34339 | 5.50 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\nWindows Telephony Service: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42825 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34338 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-40382 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Message Queuing: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34329 | 8.80 | Uitvoeren van willekeurige code     | \n| CVE-2026-33838 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows DWM Core Library: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35419 | 5.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-42896 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34336 | 7.80 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nWindows Link-Layer Discovery Protocol (LLDP): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34341 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\n```", "creation_timestamp": "2026-05-12T15:52:42.000000Z"}, {"uuid": "55baafcf-3a60-4535-ba2c-c2f67e8becc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42899", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mlqjcyf55r2a", "content": "\ud83d\udd17 CVE : CVE-2026-32177, CVE-2026-42899, CVE-2026-32177, CVE-2026-42899", "creation_timestamp": "2026-05-13T14:30:33.562522Z"}, {"uuid": "7df1be50-ba48-4e2d-8f0c-bea1460706e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42893", "type": "seen", "source": "https://www.thezdi.com/blog/2026/5/12/the-may-2026-security-update-review", "content": "I\u2019m currently in Berlin helping set up for Pwn2Own Berlin, but that doesn\u2019t stop Patch Tuesday from coming, and it\u2019s another big one. At least nothing is listed as being in the wild \u2013 for now. Take a break from your regularly scheduled activities and let\u2019s take a look at the latest security patches from Adobe and Microsoft. Due to technical difficulties, there will not be a video companion for this month.\nAdobe Patches for May 2026\nFor May, Adobe released 10 bulletins addressing 52 unique CVEs in Adobe Commerce, After Effects, Adobe Connect, Illustrator, Media Encoder, Premiere Pro, Substance 3D Painter, Substance 3D Sampler, Content Authenticity SDK, and the Adobe Substance 3D Designer. Here\u2019s this month\u2019s overview table:\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n  \n  \n\n\n\n\n  \n    \n\n\n\n<colgroup>\n  <col />\n  <col />\n  <col />\n  <col />\n  <col />\n  <col />\n  <col />\n</colgroup>\n\n<tfoot>\n  \n</tfoot>\n\n\n  \n    Bulletin ID\n    Product\n    CVE Count\n    Highest Severity\n    Highest CVSS\n    Exploited\n    Deployment Priority\n  \n\n\n  \n    APSB26-49\n    Adobe Commerce\n    15\n    Critical\n    8.7\n    No\n    2\n  \n  \n    APSB26-48\n    Adobe After Effects\n    4\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-50\n    Adobe Connect\n    2\n    Critical\n    9.6\n    No\n    3\n  \n  \n    APSB26-51\n    Adobe Illustrator\n    4\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-47\n    Adobe Media Encoder\n    2\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-46\n    Adobe Premiere Pro\n    3\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-55\n    Adobe Substance 3D Painter\n    2\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-54\n    Adobe Substance 3D Sampler\n    1\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-53\n    Content Authenticity SDK\n    14\n    Critical\n    7.5\n    No\n    3\n  \n  \n    APSB26-52\n    Adobe Substance 3D Designer\n    5\n    Important\n    6.3\n    No\n    3\n  \n\n    TOTAL\n    10 bulletins\n    52\n    \n    \n    \n    \n  \n\n\n\n  \n\n\n\n\n  \nThe obvious priority this month is the patch for Commerce, with its 15 bugs and deployment priority of 2. The Connect fix should also rank up there since both of its CVEs are CVSS 9s. Beyond those, it\u2019s a pretty typical month for Adobe, with most of the bugs either being cross-site scripting (XSS) or open-and-own code executions.\nMicrosoft Patches for May 2026\nThis month, Microsoft released a whopping 138 new CVEs in Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, .NET and Visual Studio, Copilot Chat, Github Copilot, M365 Copilot, SQL Server, TCP/IP, and the Telnet Client \u2013 yes, the Telnet client. Two of these bugs were reported through the TrendAI ZDI program. 30 of these bugs are rated Critical, three are rated as Moderate, one is rated Low, and the rest are rated Important in severity.\nThis large volume of fixes follows the largest monthly release in Microsoft\u2019s history and reflects the trend across the industry of a high number of submissions. While not all of these bugs were found by AI, it\u2019s likely they had an AI-related component \u2013 even if it was just AI writing the submission. I should also point out the Pwn2Own Berlin occurs in just a few days, and it\u2019s typical for vendors to patch as much as they can before the event.\nNone of the bugs patched by Microsoft this month are listed as publicly known or under active attack at the time of release, so we\u2019ve got that going for us. Let\u2019s take a closer look at some of the more interesting updates for this month, starting with a nasty-looking bug in DNS:\n-    CVE-2026-41096 - Windows DNS Client Remote Code Execution VulnerabilityThis patch fixes a heap-based buffer overflow in the DNS Client triggered by a malicious DNS response. No authentication or user interaction needed, and since the DNS Client runs on virtually every Windows machine, the attack surface is enormous. An attacker with a position to influence DNS responses (MitM, rogue server) could achieve unauthenticated RCE across your enterprise.\n-    CVE-2026-41089 - Windows Netlogon Remote Code Execution VulnerabilityThis update covers another CVSS 9.8 bug, which is a stack-based buffer overflow that lets an unauthenticated remote attacker execute code on a domain controller by sending a specially crafted network request \u2014 no credentials, no user interaction required. Yup \u2013 that makes it wormable. This is the highest-impact bug that requires immediate patching: a compromised domain controller is a compromised domain.\n-    CVE-2026-42898 - Microsoft Dynamics 365 On-Premises Remote Code Execution VulnerabilityThis bug rates a CVSS 9.9(!) and represents a code injection in Dynamics 365. It allows any authenticated user to execute code with a scope change, meaning exploitation can break out and affect resources beyond the vulnerable component itself. Scope changes are pretty rare, so if you\u2019re running Dynamics 365 On-Prem, definitely test and deploy this patch quickly.\n-    CVE-2026-40415 - Windows TCP/IP Remote Code Execution VulnerabilityThis bug in the TCP/IP stack results from a use-after-free (UAF) and could allow a remote, unauthenticated threat actor to execute code without user interaction. That makes this another wormable bug. However, this one is much less likely to be exploited. The target needs to be under sustained low-memory (memory pressure) conditions, which is pretty rare. Still, no need to tempt fate here. Test and deploy this one quickly.\nHere\u2019s the full list of CVEs released by Microsoft for May 2026:\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n  \n  \n\n\n\n\n  \n    \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n <col width=\"144\" />\n <col width=\"256\" />\n <col span=\"5\" width=\"104\" />\n \n\n  CVE\n  Title\n  Severity\n  CVSS\n  Public\n  Exploited\n  Type\n \n \n  <span>CVE-2026-35435</span>\n  Azure AI Foundry\n  Elevation of Privilege Vulnerability\n  Critical\n  8.6\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35428</span>\n  Azure Cloud Shell\n  Spoofing Vulnerability\n  Critical\n  9.6\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-42826</span>\n  Azure DevOps\n  Information Disclosure Vulnerability\n  Critical\n  10\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-32207</span>\n  Azure Machine Learning\n  Notebook Spoofing Vulnerability\n  Critical\n  8.8\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-33109</span>\n  Azure Managed Instance\n  for Apache Cassandra Remote Code Execution Vulnerability\n  Critical\n  9.9\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-33844</span>\n  Azure Managed Instance\n  for Apache Cassandra Remote Code Execution Vulnerability\n  Critical\n  9\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41105</span>\n  Azure Monitor Action\n  Group Notification System Elevation of Privilege Vulnerability\n  Critical\n  8.1\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33111</span>\n  Copilot Chat\n  (Microsoft Edge) Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-26129</span>\n  M365 Copilot\n  Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-26164</span>\n  M365 Copilot\n  Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-33821</span>\n  Microsoft Dynamics 365\n  Customer Insights Elevation of Privilege Vulnerability\n  Critical\n  7.7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42898</span>\n  Microsoft Dynamics 365\n  On-Premises Remote Code Execution Vulnerability\n  Critical\n  9.9\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40379</span>\n  Microsoft Enterprise\n  Security Token Service (ESTS) Spoofing Vulnerability\n  Critical\n  9.3\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-40363</span>\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40358</span>\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-34327</span>\n  Microsoft Partner\n  Center Spoofing Vulnerability\n  Critical\n  8.2\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-40365</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41103</span>\n  Microsoft SSO Plugin\n  for Jira & Confluence Elevation of Privilege Vulnerability\n  Critical\n  9.1\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33823</span>\n  Microsoft Team Events\n  Portal Information Disclosure Vulnerability\n  Critical\n  9.6\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40364</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40366</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40361</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40367</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42831</span>\n  Office for Android\n  Remote Code Execution Vulnerability\n  Critical\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41096</span>\n  Windows DNS Client\n  Remote Code Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-35421</span>\n  Windows GDI Remote\n  Code Execution Vulnerability\n  Critical\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40403</span>\n  Windows Graphics\n  Component Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40402</span>\n  Windows Hyper-V\n  Elevation of Privilege Vulnerability\n  Critical\n  9.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-32161</span>\n  Windows Native WiFi\n  Miniport Driver Remote Code Execution Vulnerability\n  Critical\n  7.5\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41089</span>\n  Windows Netlogon\n  Remote Code Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-32175</span>\n  .NET Core Tampering\n  Vulnerability\n  Important\n  4.3\n  No\n  No\n  Tampering\n \n \n  <span>CVE-2026-32177</span>\n  .NET Elevation of\n  Privilege Vulnerability\n  Important\n  7.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35433</span>\n  .NET Elevation of\n  Privilege Vulnerability\n  Important\n  7.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2025-54518 *</span>\n  AMD: CVE-2025-54518\n  CPU OP Cache Corruption\n  Important\n  \n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42899</span>\n  ASP.NET Core Denial of\n  Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40381</span>\n  Azure Connected\n  Machine Agent Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42823 \u2020</span>\n  Azure Logic Apps\n  Elevation of Privilege Vulnerability\n  Important\n  9.9\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33833</span>\n  Azure Machine Learning\n  Notebook Spoofing Vulnerability\n  Important\n  8.2\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-32204</span>\n  Azure Monitor Agent\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42830</span>\n  Azure Monitor Agent\n  Metrics Extension Elevation of Privilege Vulnerability\n  Important\n  6.5\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33117</span>\n  Azure SDK for Java\n  Security Feature Bypass Vulnerability\n  Important\n  9.1\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-41109</span>\n  GitHub Copilot and\n  Visual Studio Code Security Feature Bypass Vulnerability\n  Important\n  8.8\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-35424</span>\n  Internet Key Exchange\n  (IKE) Protocol Denial of Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-41614</span>\n  M365 Copilot for\n  Desktop Spoofing Vulnerability\n  Important\n  6.2\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-41100</span>\n  Microsoft 365 Copilot\n  for Android Spoofing Vulnerability\n  Important\n  4.4\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-40377</span>\n  Microsoft\n  Cryptographic Services Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41094</span>\n  Microsoft Data\n  Formulator Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40417</span>\n  Microsoft Dynamics 365\n  Business Central Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42833</span>\n  Microsoft Dynamics 365\n  On-Premises Remote Code Execution Vulnerability\n  Important\n  9.1\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42838</span>\n  Microsoft Edge\n  (Chromium-based) Elevation of Privilege Vulnerability\n  Important\n  5.4\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40360</span>\n  Microsoft Excel\n  Information Disclosure Vulnerability\n  Important\n  7.8\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40359</span>\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40362</span>\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42832</span>\n  Microsoft Excel\n  Spoofing Vulnerability\n  Important\n  7.7\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-34329</span>\n  Microsoft Message\n  Queuing (MSMQ) Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40419</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40418</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35436</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40420</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42893</span>\n  Microsoft Outlook for\n  iOS Tampering Vulnerability\n  Important\n  7.4\n  No\n  No\n  Tampering\n \n \n  <span>CVE-2026-40374</span>\n  Microsoft Power\n  Automate Desktop Information Disclosure Vulnerability\n  Important\n  6.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-41102</span>\n  Microsoft PowerPoint\n  for Android Spoofing Vulnerability\n  Important\n  7.1\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-35439</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40368</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-33110</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-33112</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40357</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-32185</span>\n  Microsoft Teams\n  Spoofing Vulnerability\n  Important\n  5.5\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-41101</span>\n  Microsoft Word for\n  Android Spoofing Vulnerability\n  Important\n  7.1\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-35440</span>\n  Microsoft Word\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40421</span>\n  Microsoft Word\n  Information Disclosure Vulnerability\n  Important\n  4.3\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-41097</span>\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  6.7\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-40370 \u2020</span>\n  SQL Server Remote Code\n  Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41613</span>\n  Visual Studio Code\n  Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41612</span>\n  Visual Studio Code\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-41611</span>\n  Visual Studio Code\n  Remote Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41610</span>\n  Visual Studio Code\n  Security Feature Bypass Vulnerability\n  Important\n  6.3\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-33839</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33840</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34330</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34331</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35423</span>\n  Windows 11 Telnet\n  Client Information Disclosure Vulnerability\n  Important\n  5.4\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-35438</span>\n  Windows Admin Center\n  Elevation of Privilege Vulnerability\n  Important\n  8.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41086</span>\n  Windows Admin Center\n  in Azure Portal Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34344</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34345</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35416</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41088</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34343</span>\n  Windows Application\n  Identity (AppID) Subsystem Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35418</span>\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33835</span>\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34337</span>\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40407</span>\n  Windows Common Log\n  File System Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40397</span>\n  Windows Common Log\n  File System Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42896</span>\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35419</span>\n  Windows DWM Core\n  Library Information Disclosure<span> \n  </span>Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-34336</span>\n  Windows DWM Core\n  Library Information Disclosure<span> \n  </span>Vulnerability\n  Important\n  7.8\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-33834</span>\n  Windows Event Logging\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-32209</span>\n  Windows Filtering\n  Platform (WFP) Security Feature Bypass Vulnerability\n  Important\n  4.4\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-33841</span>\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35420</span>\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40369</span>\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34332</span>\n  Windows Kernel-Mode\n  Driver Remote Code Execution Vulnerability\n  Important\n  8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-34339</span>\n  Windows Lightweight\n  Directory Access Protocol (LDAP) Denial of Service Vulnerability\n  Important\n  5.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-34341</span>\n  Windows Link-Layer\n  Discovery Protocol (LLDP) Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33838</span>\n  Windows Message\n  Queuing (MSMQ) Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34342</span>\n  Windows Print Spooler\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41095</span>\n  Windows Projected File\n  System Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34340</span>\n  Windows Projected File\n  System Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40398</span>\n  Windows Remote Desktop\n  Services Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-21530</span>\n  Windows Rich Text Edit\n  Elevation of Privilege Vulnerability\n  Important\n  6.7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-32170</span>\n  Windows Rich Text Edit\n  Elevation of Privilege Vulnerability\n  Important\n  6.7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40410</span>\n  Windows SMB Client\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35415</span>\n  Windows Storage Spaces\n  Controller Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34350</span>\n  Windows Storport\n  Miniport Driver Denial of Service Vulnerability\n  Important\n  6.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40405</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40414</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.4\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40401</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  6.2\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40413</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.4\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-35422</span>\n  Windows TCP/IP Driver\n  Security Feature Bypass Vulnerability\n  Important\n  6.5\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-34351</span>\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40399</span>\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34334</span>\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40406</span>\n  Windows TCP/IP\n  Information Disclosure Vulnerability\n  Important\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-33837</span>\n  Windows TCP/IP Local\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40415</span>\n  Windows TCP/IP Remote\n  Code Execution Vulnerability\n  Important\n  8.1\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42825</span>\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34338</span>\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40382</span>\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40380</span>\n  Windows Volume Manager\n  Extension Driver Remote Code Execution Vulnerability\n  Important\n  6.2\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40408</span>\n  Windows WAN ARP Driver\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34333</span>\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34347</span>\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35417</span>\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42891</span>\n  Microsoft Edge\n  (Chromium-based) for Android Spoofing Vulnerability\n  Moderate\n  6.5\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-35429</span>\n  Microsoft Edge\n  (Chromium-based) for Android Spoofing Vulnerability\n  Moderate\n  4.3\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-41107</span>\n  Microsoft Edge\n  (Chromium-based) Information Disclosure Vulnerability\n  Moderate\n  7.4\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40416</span>\n  Microsoft\n  Edge (Chromium-based) for Android Spoofing Vulnerability\n  Low\n  4.3\n  No\n  No\n  Spoofing\n \n \n \n  \n  \n  \n  \n  \n  \n  \n \n \n\n\n\n\n\n\n\n\n\n\n\n\n  \n\n\n\n\n  \n* Indicates this CVE had been released by a third party and is now being included in Microsoft releases.\n\u2020 Indicates further administrative actions are required to fully address the vulnerability.\n \nLooking at the other Critical-rated bugs in this month\u2019s release, there are quite a few scary-looking bugs (including a CVSS 10!), but there\u2019s no action for the end user as Microsoft has already mitigated these bugs and is just now documenting them. There\u2019s also this month\u2019s crop of Office bugs where the Preview Pane is an attack vector. However, the bug in Office for Android does not have the Preview Pane vector; it\u2019s simple open and own. The bug in the WiFi driver needs a network adjacent attacker. The SharePoint bug requires authentication, but anyone with site privileges has the authentication needed. The bug in SSO Plugin for Jira & Confluence should really be called an authentication bypass, since it allows an unauthenticated attacker to gain access to a system.\nLooking at the other code execution bugs, most are of the open and own variety as expected. The bug in Dynamic 365 (On Prem) requires high privileges. The Message Queueing bug requires an adjacent attacker. The bug in SQL Server requires authentication, but as usual, patching won\u2019t be straightforward. Finally, there\u2019s a bug in the kernel that leads to code execution. Most kernel bugs are privilege escalations, but this one could allow code execution if an attacker sends specially crafted NVMe over Fabrics (NVMe\u2011oF) response messages during the connection handshake process that contains an invalid header length value. Neat.\nAs usual, the vast majority of the Microsoft release fixes Elevation of Privilege (EoP) bugs. Also as usual, most simply lead to local attackers executing their code at SYSTEM-level privileges or administrative privileges, so there\u2019s not much to add without further technical details about the bugs themselves. There are also a few bugs that just state the attacker could \u201cgain ELEVATED privileges.\u201d How obtuse. The bugs in Azure allow an attacker to access data otherwise hidden from them. The Edge bug allows threat actors to elevate to the privileges of the running application. The bug in Visual Studio allows attackers to get permissions associated with the MCP Server\u2019s managed identity. Finally, there are a couple of sandbox escapes, too, which are always useful.\nThis month's update includes six Security Feature Bypass vulnerabilities. The most severe is in the Azure SDK for Java (CVSS 9.1). An attacker over the network can bypass the integrity protection provided by authentication tags on encrypted data, effectively manipulating encrypted input in a way that slips past integrity checks during decryption.  Close behind is the bypass affecting the GitHub Copilot integration in Visual Studio Code (CWE-74). This one requires a user interaction, but it allows an attacker to circumvent the path validation safeguards that normally control which files Copilot is permitted to modify. The other Visual Studio Code bypass involves cross-site scripting, improper link resolution, and information exposure triggered when a user opens or views a maliciously crafted notebook.  On the Windows networking side there are two bypasses. The first hits the Windows TCP/IP driver via an authentication bypass using an alternate channel. The other impacts the Windows Filtering Platform through improper access control, allowing a local, low-privileged attacker to bypass FQDN-based network security rules. Finally, there\u2019s a Secure Boot bypass that, you guessed it, bypasses secure boot features.\nMoving on to the Information Disclosure bugs fixed this month, we have 15 different CVEs. As usual, the majority of these simply result in info leaks consisting of unspecified memory contents or memory addresses. The bug in Power Automate could expose data marked \u201cSensitive\u201d within Power Automate Desktop flows. One of the Word bugs could disclose NLTM hashes. The bug in Edge could disclose your cookies, which seems rude. The bug in Visual Studio could expose file path information. Finally, there\u2019s a bug in Telnet for Windows 11 that leaks information being used by Telnet at the time. I didn\u2019t even realize Windows 11 still had a telnet client.\nThe May release contains 10 spoofing bugs (plus the ones already addressed by Microsoft). The bug in Azure Machine Learning Notebooks vulnerability requires user interaction, but it could expose info through the Azure ML web interface to the attacker. There\u2019s a cluster of fixes for Microsoft's mobile Office suite on Android. Excel, Word, and PowerPoint for Android all carry spoofing flaws rooted in improper access control. Two Copilot products are also affected by spoofing vulns. The M365 Copilot for Desktop has no details provided. The M365 Copilot for Android variant requires low privileges and producing only limited impact on confidentiality and integrity. Microsoft Teams for Android rounds out the mobile app spoofing bugs. Three Edge bugs close things out, all involving misrepresentation of information in the browser UI. \nThere are two Tampering bugs in this month\u2019s release. The one in .NET Core allows threat actors to write files to an affected system. The other is in Outlook for iOS and manifests as a command injection bug.\nThere are eight DoS bugs in the May release, but as always, Microsoft provides little to no actionable information about the vulnerabilities. The most interesting from a practical standpoint are two TCP/IP bugs that allow a low-privilege Hyper-V guest to crash the host. Both are triggered from the adjacent network. On the broader network-exposure side, the ASP.NET Core bug is a straightforward infinite loop condition \u2014 an unauthenticated attacker sends a crafted request over the network and the server stops responding.\nNo new advisories are being released this month.\nLooking Ahead\nAssuming I survive Pwn2Own Berlin (which is looking iffy at the moment), I\u2019ll return on June 9th on what will hopefully be a smaller release than this one. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!", "creation_timestamp": "2026-05-12T16:38:43.000000Z"}, {"uuid": "ff4be364-6b1e-4157-a35f-07240216d757", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42896", "type": "seen", "source": "https://www.thezdi.com/blog/2026/5/12/the-may-2026-security-update-review", "content": "I\u2019m currently in Berlin helping set up for Pwn2Own Berlin, but that doesn\u2019t stop Patch Tuesday from coming, and it\u2019s another big one. At least nothing is listed as being in the wild \u2013 for now. Take a break from your regularly scheduled activities and let\u2019s take a look at the latest security patches from Adobe and Microsoft. Due to technical difficulties, there will not be a video companion for this month.\nAdobe Patches for May 2026\nFor May, Adobe released 10 bulletins addressing 52 unique CVEs in Adobe Commerce, After Effects, Adobe Connect, Illustrator, Media Encoder, Premiere Pro, Substance 3D Painter, Substance 3D Sampler, Content Authenticity SDK, and the Adobe Substance 3D Designer. Here\u2019s this month\u2019s overview table:\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n  \n  \n\n\n\n\n  \n    \n\n\n\n<colgroup>\n  <col />\n  <col />\n  <col />\n  <col />\n  <col />\n  <col />\n  <col />\n</colgroup>\n\n<tfoot>\n  \n</tfoot>\n\n\n  \n    Bulletin ID\n    Product\n    CVE Count\n    Highest Severity\n    Highest CVSS\n    Exploited\n    Deployment Priority\n  \n\n\n  \n    APSB26-49\n    Adobe Commerce\n    15\n    Critical\n    8.7\n    No\n    2\n  \n  \n    APSB26-48\n    Adobe After Effects\n    4\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-50\n    Adobe Connect\n    2\n    Critical\n    9.6\n    No\n    3\n  \n  \n    APSB26-51\n    Adobe Illustrator\n    4\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-47\n    Adobe Media Encoder\n    2\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-46\n    Adobe Premiere Pro\n    3\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-55\n    Adobe Substance 3D Painter\n    2\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-54\n    Adobe Substance 3D Sampler\n    1\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-53\n    Content Authenticity SDK\n    14\n    Critical\n    7.5\n    No\n    3\n  \n  \n    APSB26-52\n    Adobe Substance 3D Designer\n    5\n    Important\n    6.3\n    No\n    3\n  \n\n    TOTAL\n    10 bulletins\n    52\n    \n    \n    \n    \n  \n\n\n\n  \n\n\n\n\n  \nThe obvious priority this month is the patch for Commerce, with its 15 bugs and deployment priority of 2. The Connect fix should also rank up there since both of its CVEs are CVSS 9s. Beyond those, it\u2019s a pretty typical month for Adobe, with most of the bugs either being cross-site scripting (XSS) or open-and-own code executions.\nMicrosoft Patches for May 2026\nThis month, Microsoft released a whopping 138 new CVEs in Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, .NET and Visual Studio, Copilot Chat, Github Copilot, M365 Copilot, SQL Server, TCP/IP, and the Telnet Client \u2013 yes, the Telnet client. Two of these bugs were reported through the TrendAI ZDI program. 30 of these bugs are rated Critical, three are rated as Moderate, one is rated Low, and the rest are rated Important in severity.\nThis large volume of fixes follows the largest monthly release in Microsoft\u2019s history and reflects the trend across the industry of a high number of submissions. While not all of these bugs were found by AI, it\u2019s likely they had an AI-related component \u2013 even if it was just AI writing the submission. I should also point out the Pwn2Own Berlin occurs in just a few days, and it\u2019s typical for vendors to patch as much as they can before the event.\nNone of the bugs patched by Microsoft this month are listed as publicly known or under active attack at the time of release, so we\u2019ve got that going for us. Let\u2019s take a closer look at some of the more interesting updates for this month, starting with a nasty-looking bug in DNS:\n-    CVE-2026-41096 - Windows DNS Client Remote Code Execution VulnerabilityThis patch fixes a heap-based buffer overflow in the DNS Client triggered by a malicious DNS response. No authentication or user interaction needed, and since the DNS Client runs on virtually every Windows machine, the attack surface is enormous. An attacker with a position to influence DNS responses (MitM, rogue server) could achieve unauthenticated RCE across your enterprise.\n-    CVE-2026-41089 - Windows Netlogon Remote Code Execution VulnerabilityThis update covers another CVSS 9.8 bug, which is a stack-based buffer overflow that lets an unauthenticated remote attacker execute code on a domain controller by sending a specially crafted network request \u2014 no credentials, no user interaction required. Yup \u2013 that makes it wormable. This is the highest-impact bug that requires immediate patching: a compromised domain controller is a compromised domain.\n-    CVE-2026-42898 - Microsoft Dynamics 365 On-Premises Remote Code Execution VulnerabilityThis bug rates a CVSS 9.9(!) and represents a code injection in Dynamics 365. It allows any authenticated user to execute code with a scope change, meaning exploitation can break out and affect resources beyond the vulnerable component itself. Scope changes are pretty rare, so if you\u2019re running Dynamics 365 On-Prem, definitely test and deploy this patch quickly.\n-    CVE-2026-40415 - Windows TCP/IP Remote Code Execution VulnerabilityThis bug in the TCP/IP stack results from a use-after-free (UAF) and could allow a remote, unauthenticated threat actor to execute code without user interaction. That makes this another wormable bug. However, this one is much less likely to be exploited. The target needs to be under sustained low-memory (memory pressure) conditions, which is pretty rare. Still, no need to tempt fate here. Test and deploy this one quickly.\nHere\u2019s the full list of CVEs released by Microsoft for May 2026:\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n  \n  \n\n\n\n\n  \n    \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n <col width=\"144\" />\n <col width=\"256\" />\n <col span=\"5\" width=\"104\" />\n \n\n  CVE\n  Title\n  Severity\n  CVSS\n  Public\n  Exploited\n  Type\n \n \n  <span>CVE-2026-35435</span>\n  Azure AI Foundry\n  Elevation of Privilege Vulnerability\n  Critical\n  8.6\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35428</span>\n  Azure Cloud Shell\n  Spoofing Vulnerability\n  Critical\n  9.6\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-42826</span>\n  Azure DevOps\n  Information Disclosure Vulnerability\n  Critical\n  10\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-32207</span>\n  Azure Machine Learning\n  Notebook Spoofing Vulnerability\n  Critical\n  8.8\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-33109</span>\n  Azure Managed Instance\n  for Apache Cassandra Remote Code Execution Vulnerability\n  Critical\n  9.9\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-33844</span>\n  Azure Managed Instance\n  for Apache Cassandra Remote Code Execution Vulnerability\n  Critical\n  9\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41105</span>\n  Azure Monitor Action\n  Group Notification System Elevation of Privilege Vulnerability\n  Critical\n  8.1\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33111</span>\n  Copilot Chat\n  (Microsoft Edge) Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-26129</span>\n  M365 Copilot\n  Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-26164</span>\n  M365 Copilot\n  Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-33821</span>\n  Microsoft Dynamics 365\n  Customer Insights Elevation of Privilege Vulnerability\n  Critical\n  7.7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42898</span>\n  Microsoft Dynamics 365\n  On-Premises Remote Code Execution Vulnerability\n  Critical\n  9.9\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40379</span>\n  Microsoft Enterprise\n  Security Token Service (ESTS) Spoofing Vulnerability\n  Critical\n  9.3\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-40363</span>\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40358</span>\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-34327</span>\n  Microsoft Partner\n  Center Spoofing Vulnerability\n  Critical\n  8.2\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-40365</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41103</span>\n  Microsoft SSO Plugin\n  for Jira & Confluence Elevation of Privilege Vulnerability\n  Critical\n  9.1\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33823</span>\n  Microsoft Team Events\n  Portal Information Disclosure Vulnerability\n  Critical\n  9.6\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40364</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40366</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40361</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40367</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42831</span>\n  Office for Android\n  Remote Code Execution Vulnerability\n  Critical\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41096</span>\n  Windows DNS Client\n  Remote Code Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-35421</span>\n  Windows GDI Remote\n  Code Execution Vulnerability\n  Critical\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40403</span>\n  Windows Graphics\n  Component Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40402</span>\n  Windows Hyper-V\n  Elevation of Privilege Vulnerability\n  Critical\n  9.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-32161</span>\n  Windows Native WiFi\n  Miniport Driver Remote Code Execution Vulnerability\n  Critical\n  7.5\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41089</span>\n  Windows Netlogon\n  Remote Code Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-32175</span>\n  .NET Core Tampering\n  Vulnerability\n  Important\n  4.3\n  No\n  No\n  Tampering\n \n \n  <span>CVE-2026-32177</span>\n  .NET Elevation of\n  Privilege Vulnerability\n  Important\n  7.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35433</span>\n  .NET Elevation of\n  Privilege Vulnerability\n  Important\n  7.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2025-54518 *</span>\n  AMD: CVE-2025-54518\n  CPU OP Cache Corruption\n  Important\n  \n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42899</span>\n  ASP.NET Core Denial of\n  Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40381</span>\n  Azure Connected\n  Machine Agent Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42823 \u2020</span>\n  Azure Logic Apps\n  Elevation of Privilege Vulnerability\n  Important\n  9.9\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33833</span>\n  Azure Machine Learning\n  Notebook Spoofing Vulnerability\n  Important\n  8.2\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-32204</span>\n  Azure Monitor Agent\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42830</span>\n  Azure Monitor Agent\n  Metrics Extension Elevation of Privilege Vulnerability\n  Important\n  6.5\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33117</span>\n  Azure SDK for Java\n  Security Feature Bypass Vulnerability\n  Important\n  9.1\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-41109</span>\n  GitHub Copilot and\n  Visual Studio Code Security Feature Bypass Vulnerability\n  Important\n  8.8\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-35424</span>\n  Internet Key Exchange\n  (IKE) Protocol Denial of Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-41614</span>\n  M365 Copilot for\n  Desktop Spoofing Vulnerability\n  Important\n  6.2\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-41100</span>\n  Microsoft 365 Copilot\n  for Android Spoofing Vulnerability\n  Important\n  4.4\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-40377</span>\n  Microsoft\n  Cryptographic Services Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41094</span>\n  Microsoft Data\n  Formulator Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40417</span>\n  Microsoft Dynamics 365\n  Business Central Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42833</span>\n  Microsoft Dynamics 365\n  On-Premises Remote Code Execution Vulnerability\n  Important\n  9.1\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42838</span>\n  Microsoft Edge\n  (Chromium-based) Elevation of Privilege Vulnerability\n  Important\n  5.4\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40360</span>\n  Microsoft Excel\n  Information Disclosure Vulnerability\n  Important\n  7.8\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40359</span>\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40362</span>\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42832</span>\n  Microsoft Excel\n  Spoofing Vulnerability\n  Important\n  7.7\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-34329</span>\n  Microsoft Message\n  Queuing (MSMQ) Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40419</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40418</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35436</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40420</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42893</span>\n  Microsoft Outlook for\n  iOS Tampering Vulnerability\n  Important\n  7.4\n  No\n  No\n  Tampering\n \n \n  <span>CVE-2026-40374</span>\n  Microsoft Power\n  Automate Desktop Information Disclosure Vulnerability\n  Important\n  6.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-41102</span>\n  Microsoft PowerPoint\n  for Android Spoofing Vulnerability\n  Important\n  7.1\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-35439</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40368</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-33110</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-33112</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40357</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-32185</span>\n  Microsoft Teams\n  Spoofing Vulnerability\n  Important\n  5.5\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-41101</span>\n  Microsoft Word for\n  Android Spoofing Vulnerability\n  Important\n  7.1\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-35440</span>\n  Microsoft Word\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40421</span>\n  Microsoft Word\n  Information Disclosure Vulnerability\n  Important\n  4.3\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-41097</span>\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  6.7\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-40370 \u2020</span>\n  SQL Server Remote Code\n  Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41613</span>\n  Visual Studio Code\n  Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41612</span>\n  Visual Studio Code\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-41611</span>\n  Visual Studio Code\n  Remote Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41610</span>\n  Visual Studio Code\n  Security Feature Bypass Vulnerability\n  Important\n  6.3\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-33839</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33840</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34330</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34331</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35423</span>\n  Windows 11 Telnet\n  Client Information Disclosure Vulnerability\n  Important\n  5.4\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-35438</span>\n  Windows Admin Center\n  Elevation of Privilege Vulnerability\n  Important\n  8.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41086</span>\n  Windows Admin Center\n  in Azure Portal Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34344</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34345</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35416</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41088</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34343</span>\n  Windows Application\n  Identity (AppID) Subsystem Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35418</span>\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33835</span>\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34337</span>\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40407</span>\n  Windows Common Log\n  File System Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40397</span>\n  Windows Common Log\n  File System Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42896</span>\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35419</span>\n  Windows DWM Core\n  Library Information Disclosure<span> \n  </span>Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-34336</span>\n  Windows DWM Core\n  Library Information Disclosure<span> \n  </span>Vulnerability\n  Important\n  7.8\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-33834</span>\n  Windows Event Logging\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-32209</span>\n  Windows Filtering\n  Platform (WFP) Security Feature Bypass Vulnerability\n  Important\n  4.4\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-33841</span>\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35420</span>\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40369</span>\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34332</span>\n  Windows Kernel-Mode\n  Driver Remote Code Execution Vulnerability\n  Important\n  8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-34339</span>\n  Windows Lightweight\n  Directory Access Protocol (LDAP) Denial of Service Vulnerability\n  Important\n  5.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-34341</span>\n  Windows Link-Layer\n  Discovery Protocol (LLDP) Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33838</span>\n  Windows Message\n  Queuing (MSMQ) Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34342</span>\n  Windows Print Spooler\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41095</span>\n  Windows Projected File\n  System Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34340</span>\n  Windows Projected File\n  System Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40398</span>\n  Windows Remote Desktop\n  Services Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-21530</span>\n  Windows Rich Text Edit\n  Elevation of Privilege Vulnerability\n  Important\n  6.7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-32170</span>\n  Windows Rich Text Edit\n  Elevation of Privilege Vulnerability\n  Important\n  6.7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40410</span>\n  Windows SMB Client\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35415</span>\n  Windows Storage Spaces\n  Controller Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34350</span>\n  Windows Storport\n  Miniport Driver Denial of Service Vulnerability\n  Important\n  6.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40405</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40414</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.4\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40401</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  6.2\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40413</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.4\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-35422</span>\n  Windows TCP/IP Driver\n  Security Feature Bypass Vulnerability\n  Important\n  6.5\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-34351</span>\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40399</span>\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34334</span>\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40406</span>\n  Windows TCP/IP\n  Information Disclosure Vulnerability\n  Important\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-33837</span>\n  Windows TCP/IP Local\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40415</span>\n  Windows TCP/IP Remote\n  Code Execution Vulnerability\n  Important\n  8.1\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42825</span>\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34338</span>\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40382</span>\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40380</span>\n  Windows Volume Manager\n  Extension Driver Remote Code Execution Vulnerability\n  Important\n  6.2\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40408</span>\n  Windows WAN ARP Driver\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34333</span>\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34347</span>\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35417</span>\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42891</span>\n  Microsoft Edge\n  (Chromium-based) for Android Spoofing Vulnerability\n  Moderate\n  6.5\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-35429</span>\n  Microsoft Edge\n  (Chromium-based) for Android Spoofing Vulnerability\n  Moderate\n  4.3\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-41107</span>\n  Microsoft Edge\n  (Chromium-based) Information Disclosure Vulnerability\n  Moderate\n  7.4\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40416</span>\n  Microsoft\n  Edge (Chromium-based) for Android Spoofing Vulnerability\n  Low\n  4.3\n  No\n  No\n  Spoofing\n \n \n \n  \n  \n  \n  \n  \n  \n  \n \n \n\n\n\n\n\n\n\n\n\n\n\n\n  \n\n\n\n\n  \n* Indicates this CVE had been released by a third party and is now being included in Microsoft releases.\n\u2020 Indicates further administrative actions are required to fully address the vulnerability.\n \nLooking at the other Critical-rated bugs in this month\u2019s release, there are quite a few scary-looking bugs (including a CVSS 10!), but there\u2019s no action for the end user as Microsoft has already mitigated these bugs and is just now documenting them. There\u2019s also this month\u2019s crop of Office bugs where the Preview Pane is an attack vector. However, the bug in Office for Android does not have the Preview Pane vector; it\u2019s simple open and own. The bug in the WiFi driver needs a network adjacent attacker. The SharePoint bug requires authentication, but anyone with site privileges has the authentication needed. The bug in SSO Plugin for Jira & Confluence should really be called an authentication bypass, since it allows an unauthenticated attacker to gain access to a system.\nLooking at the other code execution bugs, most are of the open and own variety as expected. The bug in Dynamic 365 (On Prem) requires high privileges. The Message Queueing bug requires an adjacent attacker. The bug in SQL Server requires authentication, but as usual, patching won\u2019t be straightforward. Finally, there\u2019s a bug in the kernel that leads to code execution. Most kernel bugs are privilege escalations, but this one could allow code execution if an attacker sends specially crafted NVMe over Fabrics (NVMe\u2011oF) response messages during the connection handshake process that contains an invalid header length value. Neat.\nAs usual, the vast majority of the Microsoft release fixes Elevation of Privilege (EoP) bugs. Also as usual, most simply lead to local attackers executing their code at SYSTEM-level privileges or administrative privileges, so there\u2019s not much to add without further technical details about the bugs themselves. There are also a few bugs that just state the attacker could \u201cgain ELEVATED privileges.\u201d How obtuse. The bugs in Azure allow an attacker to access data otherwise hidden from them. The Edge bug allows threat actors to elevate to the privileges of the running application. The bug in Visual Studio allows attackers to get permissions associated with the MCP Server\u2019s managed identity. Finally, there are a couple of sandbox escapes, too, which are always useful.\nThis month's update includes six Security Feature Bypass vulnerabilities. The most severe is in the Azure SDK for Java (CVSS 9.1). An attacker over the network can bypass the integrity protection provided by authentication tags on encrypted data, effectively manipulating encrypted input in a way that slips past integrity checks during decryption.  Close behind is the bypass affecting the GitHub Copilot integration in Visual Studio Code (CWE-74). This one requires a user interaction, but it allows an attacker to circumvent the path validation safeguards that normally control which files Copilot is permitted to modify. The other Visual Studio Code bypass involves cross-site scripting, improper link resolution, and information exposure triggered when a user opens or views a maliciously crafted notebook.  On the Windows networking side there are two bypasses. The first hits the Windows TCP/IP driver via an authentication bypass using an alternate channel. The other impacts the Windows Filtering Platform through improper access control, allowing a local, low-privileged attacker to bypass FQDN-based network security rules. Finally, there\u2019s a Secure Boot bypass that, you guessed it, bypasses secure boot features.\nMoving on to the Information Disclosure bugs fixed this month, we have 15 different CVEs. As usual, the majority of these simply result in info leaks consisting of unspecified memory contents or memory addresses. The bug in Power Automate could expose data marked \u201cSensitive\u201d within Power Automate Desktop flows. One of the Word bugs could disclose NLTM hashes. The bug in Edge could disclose your cookies, which seems rude. The bug in Visual Studio could expose file path information. Finally, there\u2019s a bug in Telnet for Windows 11 that leaks information being used by Telnet at the time. I didn\u2019t even realize Windows 11 still had a telnet client.\nThe May release contains 10 spoofing bugs (plus the ones already addressed by Microsoft). The bug in Azure Machine Learning Notebooks vulnerability requires user interaction, but it could expose info through the Azure ML web interface to the attacker. There\u2019s a cluster of fixes for Microsoft's mobile Office suite on Android. Excel, Word, and PowerPoint for Android all carry spoofing flaws rooted in improper access control. Two Copilot products are also affected by spoofing vulns. The M365 Copilot for Desktop has no details provided. The M365 Copilot for Android variant requires low privileges and producing only limited impact on confidentiality and integrity. Microsoft Teams for Android rounds out the mobile app spoofing bugs. Three Edge bugs close things out, all involving misrepresentation of information in the browser UI. \nThere are two Tampering bugs in this month\u2019s release. The one in .NET Core allows threat actors to write files to an affected system. The other is in Outlook for iOS and manifests as a command injection bug.\nThere are eight DoS bugs in the May release, but as always, Microsoft provides little to no actionable information about the vulnerabilities. The most interesting from a practical standpoint are two TCP/IP bugs that allow a low-privilege Hyper-V guest to crash the host. Both are triggered from the adjacent network. On the broader network-exposure side, the ASP.NET Core bug is a straightforward infinite loop condition \u2014 an unauthenticated attacker sends a crafted request over the network and the server stops responding.\nNo new advisories are being released this month.\nLooking Ahead\nAssuming I survive Pwn2Own Berlin (which is looking iffy at the moment), I\u2019ll return on June 9th on what will hopefully be a smaller release than this one. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!", "creation_timestamp": "2026-05-12T16:38:43.000000Z"}, {"uuid": "bdf4c1ee-861a-4d3a-bc3a-90567bcd2808", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42898", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0145", "content": "Microsoft heeft kwetsbaarheden verholpen in diverse componenten van Dynamics. Een geauthenticeerde kwaadwillende kan de kwetsbaarheden misbruiken om zich verhoogde rechten toe te kennen, willekeurige code uit te voeren en/of toegang te krijgen tot gevoelige gegevens.\n\nDe kwetsbaarheid met kenmerk CVE-2026-33821 is reeds centraal verholpen door Microsoft en slechts toegevoegd ter informatie. Er zijn geen acties benodigd voor deze kwetsbaarheid.\n\n```\nDynamics Business Central: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40417 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nMicrosoft Dynamics 365 (on-premises): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42898 | 9.90 | Uitvoeren van willekeurige code     | \n| CVE-2026-42833 | 9.10 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nPower Automate: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40374 | 6.50 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nMicrosoft Dynamics 365 Customer Insights: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-33821 | 7.70 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n```", "creation_timestamp": "2026-05-12T15:53:37.000000Z"}, {"uuid": "411e5434-7f3a-4bd7-9d13-d96ea3dcc7eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42898", "type": "seen", "source": "https://t.me/kasperskyb2b/2166", "content": "\ud83d\udcbb \u041c\u0430\u0439\u0441\u043a\u0438\u0439 Patch Tuesday: 118 \u0431\u0430\u0433\u043e\u0432, \u043d\u043e \u0431\u0435\u0437 \u0437\u0438\u0440\u043e\u0434\u0435\u0435\u0432\n\n\u0420\u0435\u0434\u043c\u043e\u043d\u0434 \u0440\u0430\u0437\u0440\u043e\u0434\u0438\u043b\u0441\u044f \u0432 \u043c\u0430\u0435 \u0441\u043e\u043b\u0438\u0434\u043d\u044b\u043c \u043f\u0430\u043a\u0435\u0442\u043e\u043c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439, \u043d\u043e \u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u0441 \u043b\u0435\u0442\u0430 2024 \u0433\u043e\u0434\u0430 \u043d\u0435 \u0430\u043d\u043e\u043d\u0441\u0438\u0440\u043e\u0432\u0430\u043b \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0440\u0430\u0437\u0433\u043b\u0430\u0448\u0451\u043d\u043d\u044b\u0445 \u0434\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f. \n\n16 \u0434\u0435\u0444\u0435\u043a\u0442\u043e\u0432 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u0440\u0435\u0439\u0442\u0438\u043d\u0433 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445, 14 \u0438\u0437 \u043d\u0438\u0445 \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0442 \u043a RCE, \u0430 2 \u2014 \u043a \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044e \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439. \u041f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0441\u0442\u0430\u043b\u043e \u0441\u0430\u043c\u043e\u0439 \u043e\u0431\u0448\u0438\u0440\u043d\u043e\u0439 \u043a\u0430\u0442\u0435\u0433\u043e\u0440\u0438\u0435\u0439, 57 \u0431\u0430\u0433\u043e\u0432. RCE \u043d\u0430 \u0432\u0442\u043e\u0440\u043e\u043c \u043c\u0435\u0441\u0442\u0435 \u0441 29 \u0434\u0435\u0444\u0435\u043a\u0442\u0430\u043c\u0438. 9 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0442 \u043a \u0440\u0430\u0437\u0433\u043b\u0430\u0448\u0435\u043d\u0438\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, 8 \u2014 \u043e\u0442\u043a\u0430\u0437\u0443 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438, 6 \u2014 \u043e\u0431\u0445\u043e\u0434\u0443 \u0444\u0443\u043d\u043a\u0446\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0438 7 \u2014 \u043a \u0441\u043f\u0443\u0444\u0438\u043d\u0433\u0443.\n\n\u0425\u043e\u0442\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0431\u0430\u0433\u043e\u0432 (\u043f\u043e\u043a\u0430) \u043d\u0435 \u043e\u0442\u043c\u0435\u0447\u0435\u043d\u043e, \u043c\u043d\u043e\u0433\u0438\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0434\u0435\u0444\u0435\u043a\u0442\u044b \u0432\u044b\u0437\u044b\u0432\u0430\u044e\u0442 \u0442\u0440\u0435\u0432\u043e\u0433\u0443 \u0438 \u0442\u0440\u0435\u0431\u0443\u044e\u0442 \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0439 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439:\n\nCVE-2026-41096 (CVSS 9.8) \u2014 RCE \u0447\u0435\u0440\u0435\u0437 \u0441\u043b\u0443\u0436\u0431\u0443 Windows DNS client (!)\nCVE-2026-41089 (CVSS 9.8) \u2014 RCE \u0447\u0435\u0440\u0435\u0437 \u0441\u043b\u0443\u0436\u0431\u0443 Netlogon\nCVE-2026-33841, -35420, -40369 \u2014 \u0442\u0440\u0438 EoP \u0432 \u044f\u0434\u0440\u0435 Windows c CVSS 7.8, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 SYSTEM.\nCVE-2026-40402 (CVSS 9.3) \u2014 EoP \u0432 Windows Hyper-V, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0438\u0437\u043a\u043e\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0433\u043e\u0441\u0442\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c system \u043d\u0430 \u0445\u043e\u0441\u0442\u0435 \nCVE-2026-40365 (CVSS 8.8) \u2014 RCE \u0432 SharePoint, \u0442\u0440\u0435\u0431\u0443\u044e\u0442\u0441\u044f \u043f\u0440\u0430\u0432\u0430 \u0445\u043e\u0442\u044f \u0431\u044b \u0443\u0440\u043e\u0432\u043d\u044f site owner\nCVE-2026-41103 (CVSS 8.8) \u2014 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0447\u0435\u0440\u0435\u0437 \u043f\u043b\u0430\u0433\u0438\u043d Microsoft SSO \u0434\u043b\u044f  Jira & Confluence\nCVE-2026-42898 (CVSS 9.8) \u2014 RCE \u0432 \u043e\u043d-\u043f\u0440\u0435\u043c \u0432\u0435\u0440\u0441\u0438\u0438  Dynamics 365 \n\n\u0417\u0430\u0432\u0435\u0440\u0448\u0438\u043c \u043d\u0430\u0448\u0443 \u0442\u0435\u043b\u0435\u0433\u0440\u0430\u043c\u043c\u0443 \u0431\u043e\u0434\u0440\u043e\u0439 \u0447\u0435\u0442\u0432\u0451\u0440\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 Office, \u0430 \u0442\u043e\u0447\u043d\u0435\u0435 \u0432 Word, \u043a\u0430\u0436\u0434\u0430\u044f \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0438\u0437 \u043f\u0430\u043d\u0435\u043b\u0438 \u043f\u0440\u0435\u0434\u0432\u0430\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430 \u0438 \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430: CVE-2026-40361, -40364, -40366 \u0438 -40367.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u044f\u0435\u043c\u0441\u044f, \u0434\u0430\u043c\u044b \u0438 \u0433\u043e\u0441\u043f\u043e\u0434\u0430.\n\n#\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 @\u041f2\u0422", "creation_timestamp": "2026-05-13T08:00:07.000000Z"}, {"uuid": "535f4b11-d7c8-4dad-a7a6-e8b0fbde6c3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42899", "type": "seen", "source": "https://www.acn.gov.it/portale/w/aggiornamenti-mensili-microsoft-20", "content": "", "creation_timestamp": "2026-05-13T01:08:48.000000Z"}, {"uuid": "3718ef33-7b03-4cae-bf6b-8ba411ee9eb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42898", "type": "seen", "source": "https://www.acn.gov.it/portale/w/aggiornamenti-mensili-microsoft-20", "content": "", "creation_timestamp": "2026-05-13T01:08:48.000000Z"}, {"uuid": "81ed5237-02ec-46f6-94cc-1a0d124ff233", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42891", "type": "seen", "source": "https://www.acn.gov.it/portale/w/aggiornamenti-mensili-microsoft-20", "content": "", "creation_timestamp": "2026-05-13T01:08:48.000000Z"}, {"uuid": "a5ce7f09-4cf2-448f-b1ee-045c077c1c37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42896", "type": "seen", "source": "https://www.acn.gov.it/portale/w/aggiornamenti-mensili-microsoft-20", "content": "", "creation_timestamp": "2026-05-13T01:08:48.000000Z"}, {"uuid": "7638ad49-c8ea-464f-b9df-e10917e28206", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42893", "type": "seen", "source": "https://www.acn.gov.it/portale/w/aggiornamenti-mensili-microsoft-20", "content": "", "creation_timestamp": "2026-05-13T01:08:48.000000Z"}, {"uuid": "98f9ad77-07a8-46ef-8dff-526513af975f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/eyalestrin.bsky.social/post/3mltppftxgl2b", "content": "Addressing Exchange Server May 2026 vulnerability CVE-2026-42897 #patchmanagement", "creation_timestamp": "2026-05-14T21:02:42.918189Z"}, {"uuid": "643b2119-bba0-4120-a4a1-8c618e1c0399", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://t.me/GithubRedTeam/84323", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-42897\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a atiilla\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a PowerShell\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-15 11:41:03\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-42897 - Exchange Health Checker blind spot: outbound IIS URL Rewrite rules silently ignored, making EOMT mitigations invisible in diagnostic reports.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-15T12:00:04.000000Z"}, {"uuid": "1ef160b4-4c04-4a85-976f-b9836180668b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://www.acn.gov.it/portale/w/microsoft-rilevato-sfruttamento-attivo-della-cve-2026-41615", "content": "Microsoft ha rilasciato aggiornamenti di sicurezza per risolvere due nuove vulnerabilit\u00e0, una con gravit\u00e0 \u201dcritica\u201d e una con gravit\u00e0 \u201calta\u201d, che riguardano i prodotti Microsoft Authenticator e Microsoft Exchange Server. Tra queste si evidenzia la CVE-2026-42897, di tipo \u201cCross-site Scripting (XSS)\u201d, che risulta essere sfruttata attivamente in rete.", "creation_timestamp": "2026-05-15T09:54:10.000000Z"}, {"uuid": "8f9b5ff5-e3b0-4fa9-b0dd-c6eae09407b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/pixelsandpulse.bsky.social/post/3mlvgiku4e72c", "content": "Another Exchange zero-day, CVE-2026-42897, is being actively exploited in OWA. If you're an on-premises admin, you need to know why your mitigation might look broken but isn't, and how to confirm you're truly protected.\n\nhttps://www.tpp.blog/ladtg67\n\n#cybersecurity #microsoft #exchange", "creation_timestamp": "2026-05-15T13:23:08.321895Z"}, {"uuid": "2387ed8d-4e42-40bf-8afc-8f5ece6b73b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/kushelmex.com/post/3mlvjyrzkk22e", "content": "CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day securityaffairs.com/192204/secur...", "creation_timestamp": "2026-05-15T14:25:57.109239Z"}, {"uuid": "1584fc0b-777d-4392-a120-8cb6d7792b9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/se-nyheter.bsky.social/post/3mlvkaxj6g62u", "content": "Microsoft varnar f\u00f6r allvarlig s\u00e5rbarhet i Exchange Server\n\nhttps://www.europesays.com/se/247025/\n\nMicrosoft l\u00e5ter meddela att det finns en allvarlig s\u00e5rbarhet i Exchange Server som f\u00e5tt beteckningen CVE-2026-42897. Eftersom s\u00e5rbarheten\u2026", "creation_timestamp": "2026-05-15T14:30:28.248612Z"}, {"uuid": "60f37136-ac76-4d9f-a5b5-211ee5b1482c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/winfuture.de/post/3mlvkgpbmfj2u", "content": "Kritische Sicherheitsl\u00fccke CVE-2026-42897 bedroht Microsoft Exchange Server 2016, 2019 und Subscription Edition. Angreifer k\u00f6nnen \u00fcber OWA JavaScript-Code ausf\u00fchren. #Microsoft #ITSec", "creation_timestamp": "2026-05-15T14:33:40.581795Z"}, {"uuid": "b6f33e33-3f5e-4024-9e05-c21318ccb356", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mlvl4l66bb2v", "content": "CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day", "creation_timestamp": "2026-05-15T14:45:54.571065Z"}, {"uuid": "77cfbbb9-fdcf-4386-985b-bf44fc45afe1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "Telegram/P2nAQ_9l9kC9SbCUZj2F7I9PUkzW2Bbjh2V7jVr4CtLIeNo8", "content": "", "creation_timestamp": "2026-05-15T14:10:07.000000Z"}, {"uuid": "892e2003-1ec0-42e7-b1c7-b49a9e24c5d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://t.me/ctinow/250357", "content": "CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day\nhttps://ift.tt/OhPbgWk", "creation_timestamp": "2026-05-15T14:14:42.000000Z"}, {"uuid": "4e262bfc-03bd-4117-a1f4-a3a0b03c09bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/infosecbot.bsky.social/post/3mlvlx2rdck2c", "content": "CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day \nhttps://\nift.tt/26I9U0P \n\nMicrosoft warned that attackers are exploiting a new Exchange Server zero-day vulnerability, tracked\u2026\n\n\ud83d\udd01 RT @f1tym1 | reposted by @HackingLZ\nhttps://x.com/f1tym1/status/2055293244360056997", "creation_timestamp": "2026-05-15T15:00:44.743532Z"}, {"uuid": "fb1f890c-81d5-44f4-9f21-7e82b6794215", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/it-connect.bsky.social/post/3mlvo7lzide2g", "content": "\u26a0\ufe0f  Exchange Server \u2013 CVE-2026-42897 : cette faille zero-day est d\u00e9j\u00e0 exploit\u00e9e !\n\nPlus d'infos : \n- www.it-connect.fr/exchange-ser...\n\n#microsoft #exchange #infosec", "creation_timestamp": "2026-05-15T15:41:17.916960Z"}, {"uuid": "e10c863c-406d-431c-a4c9-a3380c78723a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/boredchilada.bsky.social/post/3mlvpubgopc2k", "content": "~Cybergcca~\nActive exploitation of critical Cisco SD-WAN (CVE-2026-20182) and MS Exchange (CVE-2026-42897) flaws.\n-\nIOCs: CVE-2026-20182, CVE-2026-42897\n-\n#CVE202620182 #Exchange #ThreatIntel", "creation_timestamp": "2026-05-15T16:10:45.038290Z"}, {"uuid": "beac8c39-88bc-4375-b45c-5e365d66bc5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://cyber.gc.ca/en/alerts-advisories/microsoft-security-advisory-av26-473", "content": "", "creation_timestamp": "2026-05-15T06:42:56.000000Z"}, {"uuid": "3f6a5151-55d2-4dad-bbcb-05d732f82d7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/msxfaq.de/post/3mlvtiay53s2u", "content": "#MSXFAQ CVE-2026-42897 EEMS M2.1 OWA CSP www.msxfaq.de/exchange/upd... HTML-Mails mit Schadcode werden beim Zugriff per OWA eventuell ausgef\u00fchrt. EEMT-Mitigation werden aktiv verteilt. Wer kein EEMT aktiv hat, sollte manuell aktiv werden.", "creation_timestamp": "2026-05-15T17:15:39.367632Z"}, {"uuid": "b2db1dc4-c856-4630-814d-fb1af764476a", "vulnerability_lookup_origin": "405284c2-e461-4670-8979-7fd2c9755a60", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2026-42897", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/aa500692-161b-45c6-8d92-a0c2a2b2944c", "content": "", "creation_timestamp": "2026-05-15T18:00:01.932947Z"}, {"uuid": "5476d6ed-1a26-49cf-b7e2-c54d75921abf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/netsecio.bsky.social/post/3mlvzawwbw52k", "content": "\ud83d\udce2 Microsoft confirms a new Exchange Server zero-day (CVE-2026-42897) is actively exploited! The XSS flaw in OWA affects on-prem servers. Mitigations are being deployed automatically via the EM service. Check your systems! \ud83d\udee1\ufe0f #Exchange #Zeroday\n\n\ud83c\udf10 cyber[.]netsecops[.]io", "creation_timestamp": "2026-05-15T18:58:54.838012Z"}, {"uuid": "d171e9a4-1f4c-40b8-8ac1-e0fd2f5955d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/msftexchange.bsky.social/post/3mltcacibdc2f", "content": "Addressing Exchange Server May 2026 vulnerability CVE-2026-42897 | Microsoft Community Hub! \ud83e\udd8b\ntechcommunity.microsoft.com/blog/Exchang...", "creation_timestamp": "2026-05-14T17:01:37.420425Z"}, {"uuid": "beae2f4d-28ab-403e-86a9-d93967d30d6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/msittechnews.bsky.social/post/3mltd6ltja426", "content": "\"Addressing Exchange Server May 2026 vulnerability CVE-2026-42897\" buff.ly/AIsupjL #Microsoft #techcommunity", "creation_timestamp": "2026-05-14T17:18:32.820506Z"}, {"uuid": "8401511f-7243-4a64-b9d4-d9be143dcd9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://infosec.exchange/users/wdormann/statuses/116574087221515436", "content": "Microsoft Exchange Server CVE-2026-42897 (cross-site scripting) allows for...\"spoofing\"\ud83e\udd14\nIt's being exploited ITW.https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-42897", "creation_timestamp": "2026-05-14T17:23:40.354932Z"}, {"uuid": "044f9242-d530-434c-ba0e-56f9c5d8567a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/schnoll.bsky.social/post/3mlted7j5gs2f", "content": "Microsoft released IIS URL Rewrite rule mitigation M2.1.0 for EEMS and EOMT today and disclosed CVE-2026-42897, a reported vulnerability affecting Outlook on the web in Exchange Server.\n\nThis article talks about why you need EEMS or EOMT.\n\nlnkd.in/g7UNCHsQ\n\n#MSExchange", "creation_timestamp": "2026-05-14T17:39:06.030981Z"}, {"uuid": "7a17d3a8-96ab-4ac9-85af-80da4ce2b03b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mlucvpzqwu2j", "content": "Exploited in the Wild: Critical OWA Spoofing Flaw (CVE-2026-42897) Hits On-Premises Exchange Servers", "creation_timestamp": "2026-05-15T02:46:33.896799Z"}, {"uuid": "e085ea3b-cdf8-4699-b3f0-a8a5d6adf9e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/cybersecurity0001.bsky.social/post/3mlurvb2s7k2b", "content": "On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email", "creation_timestamp": "2026-05-15T07:14:26.162830Z"}, {"uuid": "55ae87e9-2b67-4cb0-81d4-f03fff1cd4c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://gist.github.com/alon710/8bad0b0572ee5c15cbbf9928305712df", "content": "# CVE-2026-42897: CVE-2026-42897: Reflected Cross-Site Scripting in Microsoft Exchange Server OWA\n\n> **CVSS Score:** 8.1\n> **Published:** 2026-05-14\n> **Full Report:** https://cvereports.com/reports/CVE-2026-42897\n\n## Summary\nCVE-2026-42897 is a high-severity reflected Cross-Site Scripting (XSS) vulnerability affecting the Outlook on the web (OWA) component of Microsoft Exchange Server. The flaw stems from improper neutralization of user-supplied input during web page generation. Discovered as a zero-day and actively exploited in the wild, the vulnerability allows unauthenticated attackers to execute arbitrary JavaScript within the security context of a targeted user's session, facilitating session hijacking and identity spoofing.\n\n## TL;DR\nActively exploited reflected XSS in Exchange Server OWA allows unauthenticated attackers to hijack authenticated sessions via crafted URLs. Microsoft released out-of-band updates and an IIS URL rewrite mitigation (EEMS M2) to address the flaw.\n\n## Exploit Status: ACTIVE\n\n## Technical Details\n\n- **CWE**: CWE-79\n- **Attack Vector**: Network\n- **CVSS Score**: 8.1\n- **Impact**: Session Hijacking / High Confidentiality & Integrity\n- **Exploit Status**: Actively Exploited\n- **KEV Status**: Listed\n\n## Affected Systems\n\n- Microsoft Exchange Server 2016\n- Microsoft Exchange Server 2019\n- Microsoft Exchange Server Subscription Edition\n- **Microsoft Exchange Server 2016**: <= Cumulative Update 23 (Fixed in: `Cumulative Update 23 May 2026 SU`)\n- **Microsoft Exchange Server 2019**: <= Cumulative Update 15 (Fixed in: `Cumulative Update 14/15 May 2026 SU`)\n- **Microsoft Exchange Server Subscription Edition**: RTM (Fixed in: `May 2026 SU`)\n\n## Mitigation\n\n- Apply the official out-of-band Security Updates (SUs) and Cumulative Updates (CUs) provided by Microsoft.\n- Ensure the Exchange Emergency Mitigation Service (EEMS) is active and has applied the M2 or M2.1 IIS URL Rewrite rule.\n- Monitor IIS logs for anomalous query strings, URL paths containing encoded script tags, and unexpected OWA access patterns.\n- Implement network-level Web Application Firewall (WAF) rules to detect and block common Cross-Site Scripting payload structures targeting Exchange endpoints.\n\n**Remediation Steps:**\n1. Download the appropriate Security Update or Cumulative Update for the installed version of Microsoft Exchange Server.\n2. Install the update on all internal and edge Exchange Server instances.\n3. Verify the installation of the EEMS M2 mitigation using the `Get-ExchangeServer` PowerShell cmdlet.\n4. Review IIS logs to identify any accounts that interacted with malicious URLs prior to the patch application.\n5. Revoke active sessions and enforce password resets for any compromised accounts.\n\n## References\n\n- [Microsoft Security Response Center (MSRC) Advisory](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42897)\n- [Microsoft Learn - Exchange EM Service](https://learn.microsoft.com/en-us/exchange/plan-and-deploy/post-installation-tasks/security-best-practices/exchange-emergency-mitigation-service)\n- [CVE.org Record](https://www.cve.org/CVERecord?id=CVE-2026-42897)\n- [Tenable CVE Database](https://www.tenable.com/cve/CVE-2026-42897)\n- [SecurityOnline Technical Report](https://securityonline.info/google-chrome-security-update-79-fixes-critical-vulnerabilities/)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-42897) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-15T07:20:29.000000Z"}, {"uuid": "d7b2b1f9-01a1-474a-a5cd-66f1446d0bfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://t.me/ctinow/250337", "content": "On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email\nhttps://ift.tt/ehd0tz9", "creation_timestamp": "2026-05-15T06:59:51.000000Z"}, {"uuid": "6808b394-5376-4ec1-93e6-d242c326547c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://t.me/cibsecurity/89380", "content": "\ud83d\udd8b\ufe0f On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email \ud83d\udd8b\ufe0f\n\nMicrosoft has disclosed a new security vulnerability impacting onpremise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE202642897 CVSS score 8.1, has been described as a spoofing bug stemming from a crosssite scripting flaw. An anonymous researcher has been credited with discovering and reporting the issue. \".\n\n\ud83d\udcd6 Read more.\n\n\ud83d\udd17 Via \"The Hacker News\"\n\n----------\n\ud83d\udc41\ufe0f Seen on @cibsecurity", "creation_timestamp": "2026-05-15T07:00:15.000000Z"}, {"uuid": "a245635f-d2ee-4bc9-860b-b6bdc4b34e22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1873", "content": "", "creation_timestamp": "2026-05-14T21:00:00.000000Z"}, {"uuid": "4c698130-7013-4ebd-a819-866e9f8caccd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://t.me/TengkorakCyberCrewzz/10406", "content": "On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email \u2013 thehackernews.com\n\nFri, 15 May 2026 14:19:04", "creation_timestamp": "2026-05-15T08:04:00.000000Z"}, {"uuid": "cefd4fdb-9e21-4e57-8e0e-1af064751c5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://thehackernews.com/2026/05/on-prem-microsoft-exchange-server-cve.html", "content": "Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild.\nThe vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scripting flaw. An anonymous researcher has been credited with discovering and reporting the issue.\n\"", "creation_timestamp": "2026-05-15T04:19:04.000000Z"}, {"uuid": "b64bc77d-d811-4574-9fc6-41fa4f8a1465", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/crustytldr.bsky.social/post/3mlv3fch3nr2s", "content": "\ud83d\udd12 On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email\n\nMicrosoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it...\n\nhttps://is.gd/3iCbNC #CyberSecurity #InfoSec #CrustyTLDR", "creation_timestamp": "2026-05-15T10:04:27.280113Z"}, {"uuid": "f34bc84c-723c-4289-824d-3edb9208c07a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/deafnews-auto.bsky.social/post/3mlv3hnp7v52s", "content": "Microsoft confirms active exploitation of CVE-2026-42897 in Exchange on-premise servers. CISA issued an alert as permanent patches are restricted to ESU customers. #Cybersecurity #InfoSec https://deafnews.it/en/article/exchange-on-prem-xss-0-day-sfruttata-patch-solo-per-alcuni", "creation_timestamp": "2026-05-15T10:06:01.529261Z"}, {"uuid": "14e85b12-4889-4eab-8cfe-bbd95b81d3c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mlvazufdxk22", "content": "Microsoft warns of CVE-2026-42897, a high-severity Exchange spoofing flaw exploited via crafted emails to run JavaScript in Outlook on the web. Mitigations are available for Exchange Server 2016, 2019, and SE. #Microsoft #ExchangeServer #CVE202642897", "creation_timestamp": "2026-05-15T11:45:26.921813Z"}, {"uuid": "41496f22-3e36-4bd3-be29-7f7eb1576d38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://t.me/true_secator/8206", "content": "\u0412\u0447\u0435\u0440\u0430 Microsoft \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Exchange Server, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u0443\u0435\u0442\u0441\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e\u043c XSS \u0432 \u0445\u043e\u0434\u0435 \u0430\u0442\u0430\u043a \u043d\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 Outlook \u0432 \u0432\u0435\u0431-\u0432\u0435\u0440\u0441\u0438\u0438.\n\nCVE-2026-42897 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u043e\u0434\u043c\u0435\u043d\u043e\u0439 IP-\u0430\u0434\u0440\u0435\u0441\u043e\u0432 \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 Exchange Server 2016, Exchange Server 2019 \u0438 Exchange Server Subscription Edition (SE).\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043f\u0430\u0442\u0447\u0438 \u0434\u043b\u044f \u043f\u043e\u043b\u043d\u043e\u0433\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u043a\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b, \u043d\u043e Microsoft \u0437\u0430\u044f\u0432\u043b\u044f\u0435\u0442, \u0447\u0442\u043e \u0441\u043b\u0443\u0436\u0431\u0430 \u044d\u043a\u0441\u0442\u0440\u0435\u043d\u043d\u043e\u0433\u043e \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f Exchange (EEMS) \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0442 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0434\u043b\u044f \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 Exchange Server 2016, 2019 \u0438 SE.\n\n\u041a\u0430\u043a \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e, \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0432 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0435 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0435 \u043f\u0438\u0441\u044c\u043c\u043e.\n\n\u0415\u0441\u043b\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043e\u0442\u043a\u0440\u043e\u0435\u0442 \u043f\u0438\u0441\u044c\u043c\u043e \u0432 Outlook Web Access \u0438 \u0431\u0443\u0434\u0443\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u044b \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0435 \u0443\u0441\u043b\u043e\u0432\u0438\u044f \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f, \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 JavaScript \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d \u0432 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u043b\u0443\u0436\u0431\u044b EM - \u043b\u0443\u0447\u0448\u0438\u0439 \u0441\u043f\u043e\u0441\u043e\u0431 \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u0442\u044c \u044d\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c. \u0415\u0441\u043b\u0438 \u0441\u043b\u0443\u0436\u0431\u0430 EM \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0430, \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0435\u0435 \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0441\u043b\u0443\u0436\u0431\u0430 EM \u043d\u0435 \u0441\u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0442\u044c \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u043d\u043e\u0432\u044b\u0445 \u043c\u0435\u0440 \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0435\u0441\u043b\u0438 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0430 \u0432\u0435\u0440\u0441\u0438\u044f Exchange Server \u0441\u0442\u0430\u0440\u0448\u0435 \u043c\u0430\u0440\u0442\u0430 2023 \u0433\u043e\u0434\u0430.\n\nEEMS \u0431\u044b\u043b\u0430 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0430 \u0432\u00a0\u0441\u0435\u043d\u0442\u044f\u0431\u0440\u0435 2021 \u0433\u043e\u0434\u0430\u00a0\u0434\u043b\u044f \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 Exchange, \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c \u043e\u0442 \u0430\u0442\u0430\u043a \u043f\u0443\u0442\u0435\u043c \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445 \u043c\u0435\u0440 \u043f\u043e \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0438\u044e \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0439 \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432\u044b\u0441\u043e\u043a\u043e\u0433\u043e \u0440\u0438\u0441\u043a\u0430 (\u0438, \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e, \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445).\n\n\u041e\u043d\u0430 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u043a\u0430\u043a \u0441\u043b\u0443\u0436\u0431\u0430 Windows \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 Exchange \u0438 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0441 \u0440\u043e\u043b\u044c\u044e \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u044f\u0449\u0438\u043a\u0430. \u0414\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0438\u0437\u043e\u043e\u0448\u043b\u043e \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u043c\u043d\u043e\u0433\u0438\u0435 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u0438\u0435 \u0433\u0440\u0443\u043f\u043f\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u00a0ProxyLogon\u00a0\u0438\u00a0ProxyShell\u00a0(\u0434\u043b\u044f \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043d\u0435 \u0431\u044b\u043b\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439).\n\n\u0410\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u044b \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0432 \u0438\u0437\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043e\u0442 \u0441\u0435\u0442\u0438 \u0441\u0440\u0435\u0434\u0430\u0445 \u0442\u0430\u043a\u0436\u0435 \u043c\u043e\u0433\u0443\u0442 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u0442\u044c \u044d\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0437\u0430\u0433\u0440\u0443\u0437\u0438\u0432 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u044e\u044e \u0432\u0435\u0440\u0441\u0438\u044e \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 Exchange on-premises Mitigation Tool (EOMT) \u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0432 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f.\n\n\u0414\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u0441\u043a\u0440\u0438\u043f\u0442 \u0447\u0435\u0440\u0435\u0437 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u0443\u044e \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0443 Exchange Management Shell (EMS) \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u043e\u0434\u043d\u0443 \u0438\u0437 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 \u043a\u043e\u043c\u0430\u043d\u0434:\n\n- \u043e\u0434\u0438\u043d \u0441\u0435\u0440\u0432\u0435\u0440:\u00a0.\\EOMT.ps1 -CVE \"CVE-2026-42897\"\n- \u0432\u0441\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u044b:\u00a0Get-ExchangeServer | Where-Object { $_.ServerRole -ne \"Edge\" } | .\\EOMT.ps1 -CVE \"CVE-2026-42897\"\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u0432\u0430\u0436\u043d\u043e \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c, \u0447\u0442\u043e \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0438\u044e \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0439 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 \u0432\u044b\u0437\u043e\u0432\u0435\u0442 \u0440\u044f\u0434 \u043f\u0440\u043e\u0431\u043b\u0435\u043c, \u0432\u043a\u043b\u044e\u0447\u0430\u044f:\n\n- \u0444\u0443\u043d\u043a\u0446\u0438\u044f \u043f\u0435\u0447\u0430\u0442\u0438 \u043a\u0430\u043b\u0435\u043d\u0434\u0430\u0440\u044f \u0432 OWA \u043c\u043e\u0436\u0435\u0442 \u043d\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c. \u0412 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043e\u0431\u0445\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0443\u0442\u0438 Microsoft \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u0435\u0442 \u0441\u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435, \u0441\u0434\u0435\u043b\u0430\u0442\u044c \u0441\u043d\u0438\u043c\u043e\u043a \u044d\u043a\u0440\u0430\u043d\u0430 \u043a\u0430\u043b\u0435\u043d\u0434\u0430\u0440\u044f, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0432\u044b \u0445\u043e\u0442\u0438\u0442\u0435 \u0440\u0430\u0441\u043f\u0435\u0447\u0430\u0442\u0430\u0442\u044c, \u0438\u043b\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043d\u0430\u0441\u0442\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043b\u0438\u0435\u043d\u0442 Outlook.\n\n- \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0435 \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0431\u0443\u0434\u0443\u0442 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0430\u0442\u044c\u0441\u044f \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e \u0432 \u043f\u0430\u043d\u0435\u043b\u0438 \u0447\u0442\u0435\u043d\u0438\u044f OWA \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u0435\u043b\u0435\u0439. \u0412 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043e\u0431\u0445\u043e\u0434\u043d\u043e\u0433\u043e \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432 \u0432\u0438\u0434\u0435 \u0432\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u043a \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u044b\u043c \u043f\u0438\u0441\u044c\u043c\u0430\u043c \u0438\u043b\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043d\u0430\u0441\u0442\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043b\u0438\u0435\u043d\u0442 Outlook.\n\n- OWA light (URL-\u0430\u0434\u0440\u0435\u0441 OWA, \u0437\u0430\u043a\u0430\u043d\u0447\u0438\u0432\u0430\u044e\u0449\u0438\u0439\u0441\u044f \u043d\u0430\u00a0/?layout=light) \u0441\u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e.\n\nMicrosoft \u043f\u043b\u0430\u043d\u0438\u0440\u0443\u0435\u0442 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f Exchange SE RTM, Exchange 2016 CU23 \u0438 Exchange Server 2019 CU14 \u0438 CU15, \u043d\u043e \u0437\u0430\u044f\u0432\u043b\u044f\u0435\u0442, \u0447\u0442\u043e \u0434\u043b\u044f Exchange 2016 \u0438 2019 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0443\u0434\u0443\u0442 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0442\u043e\u043b\u044c\u043a\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c, \u0443\u0447\u0430\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u043c \u0432 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0435 Exchange Server ESU \u0432\u0442\u043e\u0440\u043e\u0433\u043e \u043f\u0435\u0440\u0438\u043e\u0434\u0430.\n\n\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043f\u043e \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u043c Microsoft \u043d\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u0435\u0442.", "creation_timestamp": "2026-05-15T11:21:04.000000Z"}, {"uuid": "9b9325db-d7bf-487a-a676-7a6b9823543a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/solomonneas.dev/post/3mlvc24zfsc2k", "content": "\ud83d\udd34 Cisco SD-WAN zero-day exploited: CVE-2026-20182 is CVSS 10 auth bypass granting admin control. Patch or isolate management now.\n\n\ud83d\udd34 Exchange exploited in wild: CVE-2026-42897 hits on-prem OWA. Verify EMS mitigation and prep updates.\n\nsolomonneas.dev/intel", "creation_timestamp": "2026-05-15T12:03:29.228533Z"}, {"uuid": "c726c6a1-c606-4bba-a298-04cca04bba87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mlvdk6ii2d2u", "content": "\ud83d\udd17 CVE : CVE-2026-42897, CVE-2026-42897", "creation_timestamp": "2026-05-15T12:30:20.935092Z"}, {"uuid": "7939c5e0-fce3-4430-95c5-8de515145fd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/infosecbriefly.bsky.social/post/3mlvdsn7qiy23", "content": "CVE-2026-42897 in on-prem Exchange OWA can enable arbitrary JavaScript execution via crafted emails, with emergency mitigation potentially breaking inline images and calendar printing.\n", "creation_timestamp": "2026-05-15T12:35:05.711534Z"}, {"uuid": "3b5e025c-32e9-4f4b-b1f8-ab1234147c9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/boredchilada.bsky.social/post/3mlw4vbq24x2k", "content": "~Cisa~\nCISA added an actively exploited Microsoft Exchange Server XSS vulnerability to its KEV catalog.\n-\nIOCs: CVE-2026-42897\n-\n#CVE202642897 #Exchange #ThreatIntel", "creation_timestamp": "2026-05-15T20:04:52.403920Z"}, {"uuid": "8ff0aa00-664e-4694-9048-75fc3dda8e82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/concisecyber.bsky.social/post/3mlwdnmickh2q", "content": "Microsoft warns of active exploitation of Exchange Server flaw\u00a0CVE-2026-42897\n\nMicrosoft says attackers are exploiting CVE-2026-42897 in on-prem Exchange Server, with temporary mitigations available while a fix is readied.", "creation_timestamp": "2026-05-15T22:06:18.942346Z"}, {"uuid": "dd185b17-bdde-4a56-a518-d9bdaa1d4b3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mlwshvs3sk2v", "content": "Top 3 CVE for last 7 days:\nCVE-2026-43284: 90 interactions\nCVE-2026-43500: 71 interactions\nCVE-2026-42511: 56 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-42897: 36 interactions\nCVE-2026-20182: 13 interactions\nCVE-2026-42945: 12 interactions\n", "creation_timestamp": "2026-05-16T02:34:30.997511Z"}, {"uuid": "d74be1ff-c3a5-43dd-8b25-663e0925f7d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/etguenni.bsky.social/post/3mlxo45tspk2u", "content": "#Microsoft #Exchange: 0-Day Schwachstelle (CVE-2026-42897) wird angegriffen \n\nborncity.com/blog/2026/05...", "creation_timestamp": "2026-05-16T10:44:37.291087Z"}, {"uuid": "a4e2fd05-2616-4047-8c00-9cc2430a6d89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42897", "type": "seen", "source": "https://social.tchncs.de/users/gborn/statuses/116583843631666405", "content": "#Microsoft #Exchange: 0-Day Schwachstelle (CVE-2026-42897) wird angegriffen \nhttps://borncity.com/blog/2026/05/16/microsoft-exchange-0-day-schwachstelle-cve-2026-42897-wird-angegriffen/", "creation_timestamp": "2026-05-16T10:45:49.094523Z"}, {"uuid": "87aa70ac-cab5-4059-b7ea-dbde30443ee5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mlx3xdfyu22g", "content": "On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email\n\nMicrosoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild.\nThe vulnerability, tracked as\u2026\n#hackernews #microsoft #news", "creation_timestamp": "2026-05-16T05:19:52.041132Z"}, {"uuid": "74372fed-6a01-420d-9db0-b975ca8991d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/technology-news.bsky.social/post/3mlxf5m4hdx2l", "content": "CVE-2026-42897 is exploited in on-prem Exchange; crafted emails enable spoofing, forcing urgent mitigation.", "creation_timestamp": "2026-05-16T08:04:26.743593Z"}, {"uuid": "c1fb31a4-1528-48f4-8f8e-d8c3eceaa4b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://gist.github.com/stone776/0440bbb9fda24b6bda2b6868dc58f6f0", "content": "\n\n\n    \n    \n    TARDIS Intelligence Briefing \u2014 2026-05-16\n    \n\n        *, *::before, *::after { margin: 0; padding: 0; box-sizing: border-box; }\n\n        :root {\n            --tardis-deep: #020b18;\n            --tardis-dark: #061627;\n            --tardis-mid: #0c2240;\n            --tardis-surface: #0f2a4a;\n            --tardis-panel: #132f52;\n            --tardis-edge: #1a3d66;\n            --tardis-blue: #1e6fba;\n            --tardis-blue-bright: #3498db;\n            --tardis-blue-glow: rgba(52, 152, 219, 0.15);\n            --tardis-gold: #f4c430;\n            --tardis-gold-dim: rgba(244, 196, 48, 0.12);\n            --tardis-amber: #e89e2d;\n            --tardis-green: #50c878;\n            --tardis-green-soft: rgba(80, 200, 120, 0.12);\n            --tardis-red: #e74c3c;\n            --tardis-text: #c8dce8;\n            --tardis-text-dim: #7a9ab8;\n            --tardis-text-muted: #4a6a85;\n        }\n\n        body {\n            background: var(--tardis-deep);\n            color: var(--tardis-text);\n            font-family: 'Rajdhani', sans-serif;\n            font-weight: 400;\n            min-height: 100vh;\n            line-height: 1.55;\n        }\n\n        /* Scrollbar */\n        ::-webkit-scrollbar { width: 5px; }\n        ::-webkit-scrollbar-track { background: var(--tardis-deep); }\n        ::-webkit-scrollbar-thumb { background: var(--tardis-edge); border-radius: 3px; }\n\n        /* \u2500\u2500 Console Header \u2500\u2500 */\n        .console-header {\n            background: var(--tardis-dark);\n            border-bottom: 2px solid var(--tardis-blue);\n            padding: 16px 36px;\n            display: flex;\n            align-items: center;\n            justify-content: space-between;\n            position: relative;\n            overflow: hidden;\n        }\n\n        .console-header::before {\n            content: '';\n            position: absolute;\n            top: 0;\n            left: 0;\n            right: 0;\n            height: 2px;\n            background: linear-gradient(90deg,\n                transparent 0%,\n                var(--tardis-blue-bright) 30%,\n                var(--tardis-gold) 50%,\n                var(--tardis-blue-bright) 70%,\n                transparent 100%\n            );\n        }\n\n        .console-brand {\n            display: flex;\n            align-items: center;\n            gap: 14px;\n        }\n\n        .tardis-icon {\n            width: 38px;\n            height: 38px;\n            border: 2px solid var(--tardis-blue);\n            border-radius: 4px;\n            display: flex;\n            align-items: center;\n            justify-content: center;\n            background: var(--tardis-mid);\n            flex-shrink: 0;\n        }\n\n        .tardis-icon::before {\n            content: '';\n            width: 10px;\n            height: 10px;\n            background: var(--tardis-gold);\n            border-radius: 50%;\n        }\n\n        .console-title-block {\n            display: flex;\n            flex-direction: column;\n            gap: 2px;\n        }\n\n        .console-title {\n            font-family: 'Orbitron', sans-serif;\n            font-size: 1.05em;\n            font-weight: 700;\n            text-transform: uppercase;\n            letter-spacing: 0.14em;\n            color: var(--tardis-gold);\n        }\n\n        .console-subtitle {\n            font-family: 'Share Tech Mono', monospace;\n            font-size: 0.7em;\n            color: var(--tardis-text-dim);\n            text-transform: uppercase;\n            letter-spacing: 0.18em;\n        }\n\n        .console-readout {\n            display: flex;\n            align-items: center;\n            gap: 24px;\n        }\n\n        .readout-date {\n            font-family: 'Share Tech Mono', monospace;\n            font-size: 1.1em;\n            color: var(--tardis-gold);\n            letter-spacing: 0.06em;\n        }\n\n        .readout-classification {\n            font-family: 'Orbitron', sans-serif;\n            font-size: 0.62em;\n            font-weight: 700;\n            text-transform: uppercase;\n            letter-spacing: 0.12em;\n            color: var(--tardis-text-dim);\n            background: var(--tardis-mid);\n            border: 1px solid var(--tardis-edge);\n            padding: 5px 14px;\n            border-radius: 3px;\n        }\n\n        .weather-readout {\n            font-family: 'Share Tech Mono', monospace;\n            color: var(--tardis-text-dim);\n            font-size: 0.85rem;\n            letter-spacing: 0.5px;\n        }\n\n        /* \u2500\u2500 Navigation Sidebar \u2500\u2500 */\n        .page-layout {\n            display: grid;\n            grid-template-columns: 200px 1fr;\n            min-height: calc(100vh - 74px);\n        }\n\n        .nav-sidebar {\n            background: var(--tardis-dark);\n            border-right: 1px solid var(--tardis-edge);\n            padding: 28px 0;\n            position: sticky;\n            top: 0;\n            height: calc(100vh - 74px);\n            overflow-y: auto;\n        }\n\n        .nav-sidebar::-webkit-scrollbar { width: 3px; }\n        .nav-sidebar::-webkit-scrollbar-thumb { background: var(--tardis-edge); }\n\n        .nav-label {\n            font-family: 'Orbitron', sans-serif;\n            font-size: 0.58em;\n            font-weight: 700;\n            text-transform: uppercase;\n            letter-spacing: 0.2em;\n            color: var(--tardis-text-muted);\n            padding: 0 20px 12px;\n        }\n\n        .nav-item {\n            display: flex;\n            align-items: center;\n            gap: 10px;\n            padding: 9px 20px;\n            cursor: pointer;\n            border-left: 3px solid transparent;\n            text-decoration: none;\n            color: var(--tardis-text-dim);\n            font-family: 'Rajdhani', sans-serif;\n            font-size: 0.85em;\n            font-weight: 500;\n            line-height: 1.2;\n        }\n\n        .nav-item:hover {\n            color: var(--tardis-text);\n            background: var(--tardis-mid);\n            border-left-color: var(--tardis-blue-bright);\n        }\n\n        .nav-num {\n            font-family: 'Share Tech Mono', monospace;\n            font-size: 0.78em;\n            color: var(--tardis-text-muted);\n            width: 18px;\n            text-align: right;\n            flex-shrink: 0;\n        }\n\n        .nav-divider {\n            height: 1px;\n            background: var(--tardis-edge);\n            margin: 12px 20px;\n        }\n\n        /* \u2500\u2500 Main Content \u2500\u2500 */\n        .main-content {\n            padding: 32px 40px 60px;\n            max-width: 900px;\n        }\n\n        /* \u2500\u2500 Section Chrome \u2500\u2500 */\n        .section-chrome {\n            border: 1px solid var(--tardis-edge);\n            border-radius: 6px;\n            overflow: hidden;\n            background: var(--tardis-dark);\n            margin-bottom: 28px;\n        }\n\n        .section-chrome-header {\n            background: var(--tardis-mid);\n            padding: 11px 18px;\n            display: flex;\n            align-items: center;\n            justify-content: space-between;\n            border-bottom: 1px solid var(--tardis-edge);\n        }\n\n        .section-chrome-label {\n            font-family: 'Orbitron', sans-serif;\n            font-size: 0.68em;\n            font-weight: 700;\n            text-transform: uppercase;\n            letter-spacing: 0.16em;\n            color: var(--tardis-text);\n            display: flex;\n            align-items: center;\n            gap: 9px;\n        }\n\n        .label-indicator {\n            width: 7px;\n            height: 7px;\n            border-radius: 50%;\n            background: var(--tardis-green);\n            flex-shrink: 0;\n        }\n\n        .label-indicator.gold { background: var(--tardis-gold); }\n        .label-indicator.blue { background: var(--tardis-blue-bright); }\n        .label-indicator.red { background: var(--tardis-red); }\n        .label-indicator.amber { background: var(--tardis-amber); }\n\n        .section-chrome-badge {\n            font-family: 'Share Tech Mono', monospace;\n            font-size: 0.72em;\n            color: var(--tardis-text-dim);\n            background: var(--tardis-dark);\n            padding: 2px 9px;\n            border-radius: 3px;\n            border: 1px solid var(--tardis-edge);\n        }\n\n        .section-chrome-body {\n            padding: 22px 24px;\n        }\n\n        /* \u2500\u2500 BLUF Block \u2500\u2500 */\n        .bluf-block {\n            border-left: 3px solid var(--tardis-gold);\n            background: var(--tardis-gold-dim);\n            padding: 12px 16px;\n            margin-bottom: 18px;\n            border-radius: 0 4px 4px 0;\n        }\n\n        .bluf-label {\n            font-family: 'Orbitron', sans-serif;\n            font-size: 0.58em;\n            font-weight: 700;\n            text-transform: uppercase;\n            letter-spacing: 0.2em;\n            color: var(--tardis-gold);\n            margin-bottom: 5px;\n        }\n\n        .bluf-text {\n            font-family: 'Rajdhani', sans-serif;\n            font-size: 1.05em;\n            font-weight: 600;\n            color: var(--tardis-text);\n            line-height: 1.4;\n        }\n\n        /* \u2500\u2500 Bullet Lists \u2500\u2500 */\n        .fact-list {\n            list-style: none;\n            margin-bottom: 16px;\n        }\n\n        .fact-list li {\n            font-size: 0.97em;\n            font-weight: 500;\n            color: var(--tardis-text);\n            padding: 5px 0 5px 18px;\n            position: relative;\n            line-height: 1.45;\n            border-bottom: 1px solid rgba(26, 61, 102, 0.35);\n        }\n\n        .fact-list li:last-child { border-bottom: none; }\n\n        .fact-list li::before {\n            content: '';\n            position: absolute;\n            left: 0;\n            top: 13px;\n            width: 6px;\n            height: 6px;\n            border: 1px solid var(--tardis-blue-bright);\n            border-radius: 1px;\n            transform: rotate(45deg);\n        }\n\n        .fact-list .source-tag {\n            font-family: 'Share Tech Mono', monospace;\n            font-size: 0.78em;\n            color: var(--tardis-text-muted);\n            font-weight: 400;\n        }\n\n        /* \u2500\u2500 Context Block \u2500\u2500 */\n        .context-block {\n            background: var(--tardis-surface);\n            border: 1px solid var(--tardis-edge);\n            border-radius: 4px;\n            padding: 12px 16px;\n            margin-bottom: 14px;\n        }\n\n        .context-label {\n            font-family: 'Orbitron', sans-serif;\n            font-size: 0.58em;\n            font-weight: 700;\n            text-transform: uppercase;\n            letter-spacing: 0.18em;\n            color: var(--tardis-text-muted);\n            margin-bottom: 6px;\n        }\n\n        .context-text {\n            font-family: 'Rajdhani', sans-serif;\n            font-size: 0.93em;\n            color: var(--tardis-text-dim);\n            line-height: 1.5;\n        }\n\n        /* \u2500\u2500 Open Questions \u2500\u2500 */\n        .open-questions {\n            margin-top: 12px;\n        }\n\n        .open-questions-label {\n            font-family: 'Orbitron', sans-serif;\n            font-size: 0.58em;\n            font-weight: 700;\n            text-transform: uppercase;\n            letter-spacing: 0.18em;\n            color: var(--tardis-text-muted);\n            margin-bottom: 7px;\n        }\n\n        .open-questions ul {\n            list-style: none;\n        }\n\n        .open-questions li {\n            font-family: 'Rajdhani', sans-serif;\n            font-size: 0.9em;\n            color: var(--tardis-text-dim);\n            font-style: italic;\n            padding: 3px 0 3px 14px;\n            position: relative;\n        }\n\n        .open-questions li::before {\n            content: '?';\n            position: absolute;\n            left: 0;\n            font-family: 'Share Tech Mono', monospace;\n            font-size: 0.85em;\n            color: var(--tardis-amber);\n            font-style: normal;\n        }\n\n        /* \u2500\u2500 Data Tables \u2500\u2500 */\n        .data-table-wrap {\n            overflow-x: auto;\n            margin-bottom: 16px;\n        }\n\n        table {\n            width: 100%;\n            border-collapse: collapse;\n            font-size: 0.9em;\n        }\n\n        thead {\n            background: var(--tardis-surface);\n        }\n\n        th {\n            font-family: 'Orbitron', sans-serif;\n            font-size: 0.62em;\n            font-weight: 700;\n            text-transform: uppercase;\n            letter-spacing: 0.12em;\n            color: var(--tardis-text-dim);\n            padding: 9px 14px;\n            text-align: left;\n            border-bottom: 1px solid var(--tardis-edge);\n            white-space: nowrap;\n        }\n\n        td {\n            font-family: 'Share Tech Mono', monospace;\n            font-size: 0.88em;\n            color: var(--tardis-text);\n            padding: 8px 14px;\n            border-bottom: 1px solid rgba(26, 61, 102, 0.4);\n            line-height: 1.35;\n        }\n\n        td.label-cell {\n            font-family: 'Rajdhani', sans-serif;\n            font-size: 0.93em;\n            font-weight: 600;\n            color: var(--tardis-text-dim);\n        }\n\n        td.positive { color: var(--tardis-green); }\n        td.negative { color: var(--tardis-red); }\n        td.neutral { color: var(--tardis-text-muted); }\n\n        tr:hover td { background: rgba(12, 34, 64, 0.5); }\n\n        /* \u2500\u2500 CISA KEV Block \u2500\u2500 */\n        .kev-block {\n            background: rgba(231, 76, 60, 0.07);\n            border: 1px solid rgba(231, 76, 60, 0.25);\n            border-radius: 4px;\n            padding: 12px 16px;\n            margin-bottom: 14px;\n        }\n\n        .kev-label {\n            font-family: 'Orbitron', sans-serif;\n            font-size: 0.6em;\n            font-weight: 700;\n            text-transform: uppercase;\n            letter-spacing: 0.18em;\n            color: var(--tardis-red);\n            margin-bottom: 8px;\n        }\n\n        .kev-entry {\n            font-family: 'Rajdhani', sans-serif;\n            font-size: 0.93em;\n            color: var(--tardis-text);\n            padding: 4px 0;\n            border-bottom: 1px solid rgba(231, 76, 60, 0.15);\n            line-height: 1.4;\n        }\n\n        .kev-entry:last-child { border-bottom: none; }\n\n        .kev-cve {\n            font-family: 'Share Tech Mono', monospace;\n            font-size: 0.88em;\n            color: var(--tardis-red);\n            font-weight: 400;\n        }\n\n        .kev-none {\n            font-family: 'Rajdhani', sans-serif;\n            font-size: 0.93em;\n            color: var(--tardis-text-muted);\n            font-style: italic;\n        }\n\n        /* \u2500\u2500 Analysis Section \u2500\u2500 */\n        .analysis-chrome {\n            border: 1px solid var(--tardis-gold);\n            border-radius: 6px;\n            overflow: hidden;\n            background: var(--tardis-dark);\n            margin-bottom: 28px;\n        }\n\n        .analysis-chrome .section-chrome-header {\n            background: var(--tardis-gold-dim);\n            border-bottom-color: rgba(244, 196, 48, 0.25);\n        }\n\n        .analysis-subsection {\n            margin-bottom: 18px;\n        }\n\n        .analysis-subsection:last-child { margin-bottom: 0; }\n\n        .analysis-sublabel {\n            font-family: 'Orbitron', sans-serif;\n            font-size: 0.62em;\n            font-weight: 700;\n            text-transform: uppercase;\n            letter-spacing: 0.16em;\n            color: var(--tardis-gold);\n            margin-bottom: 8px;\n            padding-bottom: 4px;\n            border-bottom: 1px solid rgba(244, 196, 48, 0.2);\n        }\n\n        /* \u2500\u2500 Metadata Footer \u2500\u2500 */\n        .metadata-footer {\n            background: var(--tardis-dark);\n            border-top: 1px solid var(--tardis-edge);\n            padding: 18px 40px;\n            margin-top: 8px;\n        }\n\n        .metadata-grid {\n            display: flex;\n            flex-wrap: wrap;\n            gap: 20px 36px;\n        }\n\n        .metadata-item {\n            display: flex;\n            flex-direction: column;\n            gap: 2px;\n        }\n\n        .metadata-key {\n            font-family: 'Orbitron', sans-serif;\n            font-size: 0.55em;\n            font-weight: 700;\n            text-transform: uppercase;\n            letter-spacing: 0.18em;\n            color: var(--tardis-text-muted);\n        }\n\n        .metadata-value {\n            font-family: 'Share Tech Mono', monospace;\n            font-size: 0.82em;\n            color: var(--tardis-text-dim);\n        }\n    \n\n.research-paper { margin-bottom: 24px; padding-bottom: 20px; border-bottom: 1px solid var(--tardis-edge); }\n.research-paper:last-child { border-bottom: none; }\n.research-paper.historical { opacity: 0.85; }\n.paper-header { margin-bottom: 8px; }\n.paper-id { font-family: 'Share Tech Mono', monospace; font-size: 0.78em; color: var(--tardis-blue-bright); text-decoration: none; }\n.paper-id:hover { color: var(--tardis-gold); }\n.paper-date { display: block; font-family: 'Share Tech Mono', monospace; font-size: 0.72em; color: var(--tardis-text-muted); margin-top: 3px; }\n.paper-body p { font-size: 0.93em; color: var(--tardis-text-dim); margin-bottom: 8px; line-height: 1.5; }\n.paper-questions { font-size: 0.88em; color: var(--tardis-text-muted); font-style: italic; border-left: 2px solid var(--tardis-amber); padding-left: 10px; margin-top: 6px; }\n.merlin-finding { margin-bottom: 22px; padding-bottom: 18px; border-bottom: 1px solid var(--tardis-edge); }\n.merlin-finding:last-of-type { border-bottom: none; }\n.finding-title { font-size: 1em; font-weight: 600; color: var(--tardis-gold); margin-bottom: 10px; }\n.kev-entry { margin-bottom: 6px; }\n.kev-cve { font-size: 1em; }\n.grid-table th { padding: 8px 10px; text-align: left; font-family: 'Orbitron', sans-serif; font-size: 0.62em; text-transform: uppercase; letter-spacing: 0.1em; color: var(--tardis-text-dim); }\n.grid-table td { padding: 7px 10px; font-size: 0.88em; border-bottom: 1px solid var(--tardis-edge); vertical-align: top; }\n.grid-table tr:last-child td { border-bottom: none; }\n\n\n\n\n\n\n  \n\n    \n\n    \n\n      \nTARDIS\n      \nIntelligence Briefing System\n    \n  \n  \n\n    \nOvercast \u00b7 Hi 69\u00b0F / Lo 59\u00b0F\n    \n2026-05-16 SAT\n    \nPERSONAL USE\n  \n\n\n\n\n  \n\n    \nSections\n    01AI Research\n    02Merlin Intelligence\n    03Military / Geo\n    05Economic\n    06Tech\n    07Cybersecurity\n    10Space\n    11Energy\n    \n\n    13Analysis\n  \n\n  \n\n    \n\n  \n\n    AI Research\n    4 FRESH \u00b7 2 HISTORICAL [90-DAY]\n  \n  \n\n    \n\n      \nBLUF\n      \nFour fresh papers map directly to Merlin's architecture this week: parallel agentic workflow distribution, self-distilling agent judgment, memory as first-class model state, and concurrent tool execution without retraining. Historical window surfaces adversarial co-evolution of agent policies and collaborative uncertainty quantification for multi-LLM systems.\n    \n\n    \n\n      \n\n        [ArXiv 2605.15132]\n        \nAPWA: Distributed Architecture for Parallelizable Agentic Workflows\n        Published: 2026-05-14\n      \n      \n\n        \nWhat it shows: APWA formalizes a distributed execution architecture that decomposes agentic tasks into dependency graphs, then schedules subtasks across parallel agent workers. The architecture defines explicit interfaces for task handoff, result aggregation, and failure recovery without coordinator bottlenecks. Benchmarks show 4.2\u00d7 throughput on coding tasks and 6.1\u00d7 on research pipelines versus sequential orchestration.\n        \nContext: Current multi-agent systems typically run sub-agents sequentially or semi-sequentially, gating on orchestrator availability. APWA provides a formal specification \u2014 not just empirical benchmarks \u2014 making it directly adaptable to production systems.\n        \nStructural implication: The dependency graph formalism maps directly onto Merlin's orchestrator-spawns-children pattern. Implementing APWA's scheduling logic in the blackboard could replace Merlin's sequential handoff bottlenecks with genuine parallelism.\n      \n      \n\n        Open question: How does APWA handle partial failures in parallel branches \u2014 does the aggregation layer support partial results, or does any branch failure require full restart?\n      \n    \n\n    \n\n      \n\n        [ArXiv 2605.15155]\n        \nSelf-Distilled Agentic Reinforcement Learning\n        Published: 2026-05-14\n      \n      \n\n        \nWhat it shows: Agents trained via self-distillation \u2014 using their own successful trajectories as training signal \u2014 achieve measurable quality improvements on coding and reasoning tasks without human-labeled reward data. The technique operates at the prompt and trajectory level, requiring no model retraining. Improvements compound across iterations and do not require a separate reward model.\n        \nContext: Standard RLHF requires human preference labels. Self-distillation closes the loop using the agent's own confident outputs as implicit labels \u2014 applicable to any frontier model without API-level access to weights.\n        \nStructural implication: Merlin's Judge/Auditor currently provides binary pass/fail. Self-distillation would allow the Judge to improve its own calibration over time by collecting high-confidence accepts as positive examples \u2014 directly supporting Phase 3 (Sharpen the Saw).\n      \n      \n\n        Open question: Self-distillation amplifies the model's existing biases \u2014 if the Judge starts with systematic errors, does the distillation loop correct or entrench them?\n      \n    \n\n    \n\n      \n\n        [ArXiv 2605.15156]\n        \nMeMo: Memory as a Model\n        Published: 2026-05-14\n      \n      \n\n        \nWhat it shows: Proposes treating external memory systems as first-class model components rather than retrieval add-ons. Under the MeMo framework, memory reads are parameterized inference steps \u2014 the model actively queries memory with learned attention rather than treating retrieved documents as raw context. Results show 23% improvement on multi-hop reasoning tasks versus standard RAG.\n        \nContext: Current RAG systems treat retrieved content as additional context tokens. MeMo integrates memory access into the inference computation, allowing gradient-like improvement in what the model chooses to retrieve.\n        \nStructural implication: Merlin's blackboard is currently accessed by agents as flat retrieval. Implementing MeMo-style parameterized memory queries against pgvector could improve relevance of blackboard artifact retrieval for orchestrator planning.\n      \n      \n\n        Open question: MeMo requires modification to inference-time attention \u2014 does this work through prompt engineering alone, or does it require API capabilities not yet exposed by frontier providers?\n      \n    \n\n    \n\n      \n\n        [ArXiv 2605.15077]\n        \nConcurrency without Model Changes: Future-based Asynchronous Function Calling for LLMs\n        Published: 2026-05-14\n      \n      \n\n        \nWhat it shows: Enables concurrent tool execution in existing LLMs by introducing a \"future\" abstraction \u2014 the model issues parallel tool calls returning handles, continues generation, and resolves handles when results arrive. Implemented entirely at the harness layer, requiring no model retraining. Reduces tool-dependent latency by 60\u201370% on tasks with independent tool calls.\n        \nContext: Current LLM tool use is serial: model calls tool, waits for result, continues. This paper eliminates that bottleneck with a harness-level scheduler. Works with GPT-5, Claude 3.7, and Gemini 2.0 without modification.\n        \nStructural implication: Merlin's orchestrator currently issues tool calls serially. The future-based harness could be implemented in OpenHands to parallelize blackboard reads, search queries, and other tool calls within a single agent session.\n      \n    \n\n    \n\n      \n\n        [ArXiv 2603.28386]\n        \n[90-day] COvolve: Adversarial Co-Evolution of LLM-Generated Policies and Environments\n        Published: 2026-03-30 | Window: Mar 28 \u2013 Apr 4\n      \n      \n\n        \nWhat it shows: Demonstrates that LLM-generated agent policies and the environments they operate in can be co-evolved adversarially \u2014 the environment generator exploits policy weaknesses, forcing policy improvement beyond what static benchmarks produce. Applied to code generation and tool use, COvolve policies outperform standard training on novel task distributions.\n        \nContext: Standard agent evaluation uses fixed benchmarks that become saturated. COvolve creates a perpetually novel evaluation regime by evolving both the task distribution and the agent policy simultaneously.\n        \nStructural implication: Merlin's quality gates evaluate against static product specifications. A COvolve-style adversarial environment could stress-test orchestrator behavior against dynamic failure modes \u2014 directly applicable to Phase 1 closed-loop verification.\n      \n    \n\n    \n\n      \n\n        [ArXiv 2603.28360]\n        \n[90-day] CoE: Collaborative Entropy for Uncertainty Quantification in Agentic Multi-LLM Systems\n        Published: 2026-03-30 | Window: Mar 28 \u2013 Apr 4\n      \n      \n\n        \nWhat it shows: Introduces Collaborative Entropy (CoE) \u2014 a measure of agreement across multiple LLMs used to quantify uncertainty in agentic decisions. When CoE is high (models disagree), the system flags the decision for additional verification or human review. When CoE is low (consensus), the system proceeds autonomously. Reduces false-positive escalations by 38% versus single-model confidence thresholds.\n        \nContext: Single-model confidence scores are poorly calibrated and routinely overconfident. CoE exploits disagreement across model families as a stronger uncertainty signal, without requiring ensemble training.\n        \nStructural implication: Merlin's Judge uses a single model (confidence \u226592). Replacing or augmenting with a CoE-based multi-model vote would improve Judge calibration and reduce over-acceptance of low-quality artifacts \u2014 directly relevant to Phase 1 quality gate design.\n      \n    \n  \n\n\n    \n\n  \n\n    Merlin Intelligence\n    5 FINDINGS \u00b7 PHASE 1\n  \n  \n\n    \n\n      \nBLUF\n      \nAPWA's parallel agentic workflow architecture and the future-based async function calling paper together address Merlin's single largest Phase 1 bottleneck: sequential orchestration. Implement async harness in OpenHands first \u2014 zero model changes required, 60\u201370% latency reduction in tool-dependent tasks.\n    \n\n    \n\n      \n1. APWA \u2014 Replace Sequential Child Agent Dispatch with Dependency Graph Scheduler\n      \n\n        \nResearch: APWA formalizes dependency graphs for agentic task decomposition and achieves 4\u20136\u00d7 throughput improvement over sequential orchestration. [ArXiv 2605.15132]\n        \nMerlin component: Orchestrator child agent dispatch. Currently the merlin_orchestrator skill spawns children sequentially, gated on each prior result.\n        \nImplementation: Encode task dependencies as a DAG in the blackboard artifact schema. Orchestrator reads the DAG, dispatches independent branches in parallel via concurrent AgentDelegateAction calls, and aggregates results when all branches resolve. Partial results should be stored to blackboard as child artifacts \u2014 auditor verifies each branch independently before aggregation.\n        \nBuild priority: [HIGH] \u2014 directly accelerates Phase 1 factory throughput. No new infrastructure required; the blackboard already supports artifact trees.\n      \n    \n\n    \n\n      \n2. Future-based Async Tool Calls \u2014 Eliminate Serial Bottleneck Inside Agent Sessions\n      \n\n        \nResearch: Harness-level future abstraction enables concurrent tool execution in existing LLMs without model changes. 60\u201370% latency reduction on tool-dependent tasks. [ArXiv 2605.15077]\n        \nMerlin component: OpenHands tool execution layer. Research agents that issue multiple sequential tool calls (blackboard read \u2192 search \u2192 embed \u2192 write) incur compounding latency.\n        \nImplementation: Wrap OpenHands tool dispatch in a futures scheduler: agent emits parallel tool requests, scheduler fires them concurrently, resolves in order of completion. Requires no OpenHands model config changes \u2014 implement as a middleware layer in the agent runner.\n        \nBuild priority: [HIGH] \u2014 low implementation risk, directly observable latency improvement, zero cost increase.\n      \n    \n\n    \n\n      \n3. Self-Distilled Agentic RL \u2014 Path to Judge/Auditor Self-Improvement\n      \n\n        \nResearch: Agents improve judgment quality by distilling their own high-confidence trajectories as implicit positive examples \u2014 no human labels, no model retraining required. [ArXiv 2605.15155]\n        \nMerlin component: Judge/Auditor quality gate. Currently Judge applies a fixed \u226592 confidence threshold with no mechanism to improve calibration over time.\n        \nImplementation: Store Judge decisions with confidence scores in blackboard_artifacts. Periodically synthesize the top-confidence accepted artifacts into a \"golden examples\" SKILL.md section. Update Judge prompt to reference golden examples as calibration anchors. This is Phase 3 capability but the data collection (logging Judge decisions) should start now in Phase 1.\n        \nBuild priority: [MEDIUM] \u2014 instrument now (1\u20132h), harvest in Phase 3.\n      \n    \n\n    \n\n      \n4. Orthrus-Qwen3 Inference Efficiency \u2014 Validate Against ChatGPT Pro OAuth Constraint\n      \n\n        \nResearch: Orthrus-Qwen3 achieves 7.8\u00d7 token throughput on Qwen3 with identical output distribution via speculative decoding variant. [HN 2026-05-15]\n        \nMerlin component: $0 LLM cost constraint (Golden Rule 6). ChatGPT Pro OAuth is the primary model path; utility calls use gpt-5.4-nano.\n        \nImplementation: Monitor whether similar efficiency techniques appear for GPT-5/ChatGPT inference \u2014 if OpenAI exposes a speculative decoding mode via API, it could reduce nano usage costs. More immediately: the technique confirms Qwen3 as a viable self-hosted fallback if OAuth path degrades. Spike a local Qwen3 setup for non-critical orchestrator calls.\n        \nBuild priority: [EXPLORE] \u2014 watch for OpenAI equivalent; Qwen3 local spike is low risk.\n      \n    \n\n    \n\n      \n5. AI Agents Creating Exploits \u2014 OpenHands Container Security Posture Review\n      \n\n        \nResearch: Benchmark published May 15 demonstrates AI agents can create working exploits, not merely identify vulnerabilities. [TheRegister 2026-05-15]\n        \nMerlin component: OpenHands persistent container (Phase 1 plan: upgrade to full UI image). Merlin child agents run inside this container with access to code execution, file system, and network tools.\n        \nImplementation: Before promoting the persistent container to API mode, audit: (1) network egress rules \u2014 child agents should not be able to reach external hosts except whitelisted APIs; (2) file system scope \u2014 mount only required directories; (3) tool whitelist \u2014 disable shell execution tools not required for current Phase 1 tasks. The OpenHands upgrade plan is the right time to implement these controls.\n        \nBuild priority: [HIGH] \u2014 security posture must be verified before autonomous container runs without Marc watching.\n      \n    \n\n    \n\n      \nOpen Questions\n      \n\n        \nAPWA's parallel dispatch requires that blackboard artifact writes from parallel branches do not conflict \u2014 is Merlin's current upsert schema safe for concurrent writes from sibling agents targeting the same parent artifact?\n        \nCoE uncertainty quantification (ArXiv 2603.28360) requires multiple model families \u2014 Merlin's current constraint is ChatGPT Pro OAuth only. What is the minimum viable multi-model setup that satisfies Golden Rule 6?\n      \n    \n  \n\n\n    \n\n  \n\n    Military / Geopolitical\n    2 ITEMS\n  \n  \n\n    \n\n      \nBLUF\n      \nUSS Gerald R. Ford CSG returns to Norfolk today after a record 11-month deployment, closing the longest continuous carrier deployment in recent history. Separately, the sustained Middle East operational tempo is generating resource pressure that may limit Navy readiness recovery for the next 12\u201318 months.\n    \n\n    \nUSS Gerald R. Ford Carrier Strike Group Returns to Norfolk After Record 11-Month Deployment\n    \n\n      \nThe Ford CSG is scheduled to return to Naval Station Norfolk on Saturday, May 16, after an 11-month deployment \u2014 the longest of any US carrier in recent history. [USNI 2026-05-15]\n      \nDefense Secretary Pete Hegseth is expected to be present for the homecoming ceremony. [USNI 2026-05-15]\n      \nThe deployment extended significantly beyond the standard 7\u20139 month rotation, driven by Middle East operational requirements following the conflict escalation in late 2025.\n      \nThe Ford's return reduces the US to one forward-deployed carrier in the Middle East theater unless a replacement departs promptly \u2014 typical turnaround for a returning CSG before next deployment is 18\u201324 months.\n    \n    \n\n      \nContext\n      \nAn 11-month deployment is operationally significant: crew fatigue, deferred maintenance, and personnel retention effects are compounded. The return signals near-term US carrier posture reduction in the Middle East unless the Navy accelerates a replacement deployment, which current manning data (below) suggests may be constrained.\n    \n    \n\n      \nOpen Question\n      \n\n        \nWhich CSG is next in the deployment rotation for Middle East/CENTCOM, and has it received orders yet?\n      \n    \n\n    \nMiddle East Conflict Costs Could Restrict Sailor Flow to A-Schools and Reenlistment Bonuses\n    \n\n      \nUSNI reports that the sustained operational cost of Middle East conflict operations is generating budgetary pressure that may restrict the Navy's ability to fund A-school pipelines and reenlistment bonuses through FY2027. [USNI 2026-05-15]\n      \nA-schools (rating training pipelines) are the primary mechanism for developing qualified enlisted specialists \u2014 restriction would compound readiness gaps already created by extended deployments.\n      \nReenlistment bonuses are a key retention lever for critical rates (nuclear, aviation, cryptology); funding cuts would likely accelerate separation of experienced personnel at precisely the moment high-optempo operations are drawing down experienced crews.\n    \n    \n\n      \nContext\n      \nThis is a compounding readiness signal: extended deployments degrade crew quality (fatigue, reduced training), budget pressure restricts the pipeline that replaces losses, and bonus cuts increase separation rates. The combination describes a structural readiness degradation cycle, not a temporary personnel spike.\n    \n  \n\n\n    \n\n  \n\n    Economic\n    FRED \u00b7 14 SERIES\n  \n  \n\n    \n\n      \nBLUF\n      \nCredit markets signal low stress, yield curve normalized to +50bps, VIX at 17.3 \u2014 a benign risk environment. Labor remains healthy at 211k initial claims. The primary structural tension is energy: real-asset costs (power, housing) are rising while financial conditions ease, creating a two-speed economy that disproportionately affects compute-intensive businesses.\n    \n\n    \n\n      \n\n        \n          \n            Indicator\n            Definition\n            Current\n            Date\n            vs. 1yr ago\n            Interpretation\n          \n        \n        \n          \n            T10Y2Y\n            10Y\u20132Y Treasury Yield Spread. Negative = inverted (recession signal); positive = normal curve.\n            +0.50%\n            May 15\n            +0.50% (flat)\n            Curve fully normalized. No recession signal. Flat YoY \u2014 stabilized.\n          \n          \n            VIXCLS\n            CBOE Volatility Index. Measures expected 30-day S&P 500 volatility. Below 15 = complacent; 15\u201320 = normal; above 30 = crisis.\n            17.26\n            May 14\n            17.83 (\u22120.57)\n            Normal range, declining. No elevated market fear.\n          \n          \n            GS10\n            10-Year Treasury Yield. Risk-free rate benchmark. Above 4.5% historically tightens financial conditions.\n            4.32%\n            Apr 1\n            4.28% (+0.04)\n            Elevated but stable. Still above historical neutral; cost of capital remains high.\n          \n          \n            SOFR\n            Secured Overnight Financing Rate. Proxy for Fed funds rate and short-term borrowing cost.\n            3.56%\n            May 14\n            3.64% (\u22120.08)\n            Gradual easing underway. Fed still in restrictive territory but trending lower.\n          \n          \n            ICSA\n            Initial Jobless Claims. Weekly new unemployment filings. Healthy below 250k; concerning above 350k.\n            211,000\n            May 9\n            208,000 (+3k)\n            Healthy labor market. Minimal change YoY \u2014 no layoff surge signal.\n          \n          \n            BAMLH0A0HYM2\n            High Yield Option-Adjusted Spread. Credit risk premium on junk bonds. Below 300bps = low stress; above 600bps = crisis.\n            276bps\n            May 14\n            285bps (\u22129)\n            Very low credit stress, tightening. Risk-on market environment.\n          \n          \n            BAMLH0A3HYC\n            CCC-rated High Yield OAS. Distressed credit signal \u2014 tracks companies near default.\n            922bps\n            May 14\n            911bps (+11)\n            Distressed tail slightly wider YoY \u2014 marginal companies more stressed than headline suggests.\n          \n          \n            WM2NS\n            M2 Money Supply (nominal). Total money in circulation. YoY growth indicates monetary expansion.\n            $23,115B\n            Apr 6\n            $22,539B (+2.6%)\n            Moderate money supply growth \u2014 consistent with continued economic expansion at current inflation levels.\n          \n          \n            CSUSHPINSA\n            Case-Shiller Home Price Index. National housing price level. Rising = shelter inflation pressure.\n            327.3\n            Feb 1\n            325.1 (+0.7%)\n            Housing prices still elevated, slow YoY growth. Affordability remains constrained.\n          \n          \n            FRGSHPUSM649NCIS\n            Freight Shipments Index. Proxy for goods-economy activity. Declining = supply chain/demand contraction.\n            1.011\n            Apr 1\n            1.058 (\u22124.4%)\n            Freight activity below year-ago levels \u2014 goods economy softening even as services/AI spending rises.\n          \n          \n            VISASMINSA\n            Visa Applications (initial stage). Leading indicator of labor demand and immigration-driven workforce growth.\n            97.98\n            Apr 1\n            100.29 (\u22122.3%)\n            Visa demand declining YoY \u2014 labor supply from immigration pathway is contracting.\n          \n        \n      \n    \n\n    \n\n      \nComposite Reading\n      \nFinancial conditions are loose (low VIX, tight credit spreads, normalizing curve), which historically correlates with continued risk asset performance. The divergence is in real-asset costs: power prices up 76%, housing prices elevated, freight declining. This combination \u2014 easy money, expensive physical inputs \u2014 creates margin pressure for businesses with significant physical infrastructure costs, including AI compute operations. The CCC-rated spread widening (+11bps YoY) while headline HY tightens suggests a bifurcated credit market: strong companies getting stronger financing terms, marginal companies increasingly stressed.\n    \n  \n\n\n    \n\n  \n\n    Tech\n    2 STORIES \u00b7 npm/PyPI\n  \n  \n\n    \n\n      \nBLUF\n      \nOpenAI launched ChatGPT personal finance with direct bank connectivity \u2014 an agentic data product that marks OpenAI's first move into financial services infrastructure. Separately, Orthrus-Qwen3's 7.8\u00d7 inference throughput gain represents the most significant open-model efficiency result this week and has direct implications for self-hosted agent cost models.\n    \n\n    \nOrthrus-Qwen3 Achieves 7.8\u00d7 Token Throughput with Identical Output Distribution\n    \n\n      \nA technique published on Hacker News (May 15) applies a speculative decoding variant to Qwen3 models and achieves 7.8\u00d7 tokens-per-forward-pass with output distribution statistically identical to standard inference. [HN 2026-05-15]\n      \nThe improvement is realized without model retraining \u2014 applied as an inference-time optimization to existing Qwen3 checkpoints.\n      \nAt 7.8\u00d7 throughput, the cost-per-token of Qwen3 inference decreases proportionally \u2014 a 600B parameter model would run at effective cost of a ~77B model.\n      \nThe technique has not yet been independently replicated or published on ArXiv as of May 16; claims should be verified against the source implementation before production adoption.\n    \n    \n\n      \nContext\n      \nSpeculative decoding techniques require a draft model that predicts likely continuations, which the main model then verifies in parallel. The Orthrus approach appears to use a novel draft architecture specific to Qwen3's attention patterns. If the throughput claim holds under independent replication, this is the largest inference efficiency gain on an open-weight model reported this year and changes the economics of self-hosted agentic systems significantly.\n    \n    \n\n      \nOpen Question\n      \n\n        \nDoes the 7.8\u00d7 throughput hold at batch sizes relevant to agentic workloads (single-stream, long-context), or only at high-throughput batch inference?\n      \n    \n\n    \nOpenAI Launches ChatGPT Personal Finance with Direct Bank Account Connectivity\n    \n\n      \nOpenAI released a personal finance feature within ChatGPT that allows users to connect bank accounts directly, enabling the model to analyze transaction history, categorize spending, and provide financial recommendations. [TechCrunch 2026-05-15]\n      \nThe feature is positioned as an agentic financial advisor \u2014 the model takes action on connected data rather than answering abstract questions.\n      \nBank connectivity implies OAuth integration with financial data aggregators (likely Plaid or equivalent), creating a structured data pipeline from personal financial accounts into GPT-5 context.\n      \nOpenAI also published blog posts on May 15 targeting enterprise use cases: sales teams, business operations, and data science workflows using Codex agents. [OpenAI 2026-05-15]\n    \n    \n\n      \nContext\n      \nOpenAI moving into personal finance is significant not as a financial product but as a demonstration of the agentic data integration pattern: structured external data \u2192 LLM context \u2192 actionable recommendations. This is the same pattern applicable to any vertical. For Merlin, this validates the micro-SaaS opportunity in domain-specific agentic data products. For Supabase, OpenAI becoming a consumer of financial data APIs is a potential enterprise PostgreSQL workload \u2014 financial data aggregation at scale benefits from Supabase's real-time and edge capabilities.\n    \n\n    \nnpm / PyPI \u2014 Ecosystem Download Trends\n    \n\n      \n\n        \n          PackageWeekly DLMonthly DLGrowth RatioSignal\n        \n        \n          @supabase/supabase-js15.71M80.86M0.84\u26a0 Below 1.0 \u2014 weekly below monthly run rate\n          prisma12.48M47.21M1.14Above monthly avg\n          drizzle-orm9.38M35.97M1.13Above monthly avg\n          firebase7.56M30.67M1.07Tracking\n          aws-sdk9.90M40.71M1.05Tracking\n          convex0.64M2.62M1.06Tracking\n          @neondatabase/serverless1.75M7.66M0.99Flat\n          @planetscale/database0.19M0.84M1.00Flat\n        \n      \n    \n    \n\n      \nSupabase-js growth ratio 0.84 \u2014 weekly downloads (15.71M) are below the monthly weekly average (80.86M \u00f7 4.33 = 18.67M). This indicates a week of below-trend activity. Not a structural decline signal from a single week, but worth monitoring for a second consecutive week. [npm 2026-05-16]\n      \nPrisma (1.14) and Drizzle-ORM (1.13) are both outperforming their monthly average this week \u2014 both are competing ORM alternatives in the Supabase ecosystem.\n      \nSupabase absolute weekly volume (15.71M) remains significantly above Firebase (7.56M) \u2014 the gap is 2.08\u00d7 in Supabase's favor.\n    \n    \n\n      \n\n        \n          PyPI PackageWeekly DLMonthly DL\n        \n        \n          supabase (Python)\u2014\u2014\n          sqlalchemy\u2014\u2014\n          psycopg2\u2014\u2014\n        \n      \n    \n    \n\n      \nNote\n      \nPyPI data retrieval returned empty responses this collection cycle \u2014 pypistats.org may have rate-limited the requests. PyPI figures will be available in next briefing.\n    \n  \n\n\n    \n\n  \n\n    Cybersecurity\n    4 ITEMS \u00b7 1 KEV\n  \n  \n\n    \n\n      \nBLUF\n      \nAI agents demonstrated creating working exploits this week \u2014 a capability threshold crossing with direct implications for autonomous system security posture. CISA added a Microsoft Exchange XSS to KEV. CloudNativePG issued a critical PostgreSQL operator CVE fix relevant to Supabase infrastructure supply chain.\n    \n\n    \nAI Agents Demonstrated Creating Working Exploits, Not Just Finding Vulnerabilities\n    \n\n      \nA benchmark published May 15 demonstrated that AI agents \u2014 given access to code execution and network tools \u2014 can generate working exploits for known vulnerability classes, not merely identify vulnerable code patterns. [TheRegister 2026-05-15]\n      \nThe capability was demonstrated on agent configurations using frontier models (GPT-5 class) with standard tool access \u2014 no jailbreak or adversarial prompting required.\n      \nThe distinction from prior work: previous benchmarks showed agents could identify CVEs or describe exploitation paths. This benchmark shows end-to-end exploit generation and execution against test targets.\n      \nThe research team recommends treating AI agent tool access as equivalent to developer workstation access for security policy purposes.\n    \n    \n\n      \nContext\n      \nThis finding directly affects Merlin's security posture. Merlin child agents running inside OpenHands containers with code execution, file system, and network tool access meet the conditions described in the benchmark. The security recommendation \u2014 treat agent tool access like developer workstation access \u2014 translates to: network egress controls, file system scoping, and tool whitelisting before enabling autonomous agent runs. The OpenHands persistent container upgrade (Merlin Phase 1 plan) is the correct forcing function to implement these controls.\n    \n\n    \n\n      \n\n        CISA KEV \u2014 New Entry\n        dateAdded: 2026-05-15\n      \n      \n\n        \n\n          CVE-2026-42897\n          Microsoft Exchange Server \u2014 Cross-Site Scripting Vulnerability\n        \n        \n\n          \nCISA added CVE-2026-42897 to the Known Exploited Vulnerabilities catalog on May 15, 2026. [CISA KEV 2026-05-15]\n          \nVulnerability type: Cross-Site Scripting (XSS) in Microsoft Exchange Server. Active exploitation confirmed in the wild.\n          \nOrganizations running on-premise Exchange Server should apply Microsoft's patch immediately per CISA BOD 22-01 guidance.\n          \nCloud Exchange Online (Microsoft 365) is not affected \u2014 this applies to on-premise Exchange deployments only.\n        \n      \n    \n\n    \nCloudNativePG Releases Critical CVE Fix for PostgreSQL Kubernetes Operator\n    \n\n      \nCloudNativePG versions 1.29.1 and 1.28.3 released on May 15, fixing a critical CVE in the PostgreSQL Kubernetes operator. [CloudNativePG 2026-05-15]\n      \nCloudNativePG is the primary Kubernetes operator used to run managed PostgreSQL clusters \u2014 Supabase and many cloud PostgreSQL services use operator-based deployments.\n      \nThe vulnerability class was not disclosed publicly in the initial announcement \u2014 full CVE details expected within 7 days per coordinated disclosure policy.\n      \nOrganizations running CloudNativePG in production should upgrade to 1.29.1 or 1.28.3 immediately without waiting for CVE details.\n    \n    \n\n      \nSupabase Supply Chain Signal\n      \nSupabase's infrastructure team should confirm whether the production Postgres operator stack uses CloudNativePG and which version. A critical operator CVE can affect cluster integrity at the Kubernetes level \u2014 not just database-level vulnerabilities. This is a supply chain security signal, not a Supabase application vulnerability.\n    \n\n    \nHotel Check-In System Exposes 1 Million Passports and Driver's Licenses\n    \n\n      \nA hotel check-in system left approximately one million passport scans and driver's license images accessible without authentication, discovered and reported May 15. [TechCrunch 2026-05-15]\n      \nThe exposure involved document images \u2014 not just metadata \u2014 stored in an unauthenticated cloud storage bucket.\n      \nThe vendor has not been publicly named; the researcher who discovered it notified TechCrunch after the system was taken offline.\n      \nPattern: hospitality SaaS vendors frequently store identity documents for check-in compliance with minimal security controls.\n    \n  \n\n\n    \n\n  \n\n    Space\n    1 ITEM\n  \n  \n\n    \n\n      \nBLUF\n      \nSpaceX launched CRS-34 to the ISS on May 15, maintaining the commercial resupply cadence. No structural space events today.\n    \n\n    \nSpaceX Launches CRS-34 Cargo Mission to International Space Station\n    \n\n      \nSpaceX successfully launched the CRS-34 commercial resupply mission to the ISS on May 15, 2026. [SpaceNews 2026-05-15]\n      \nCRS-34 carries approximately 6,000 lbs of cargo including science experiments, crew supplies, and hardware for ongoing ISS maintenance.\n      \nDragon capsule is scheduled to berth with the ISS within 48 hours of launch.\n      \nCRS-34 is the 34th Commercial Resupply Services mission under NASA's CRS-2 contract with SpaceX.\n    \n  \n\n\n    \n\n  \n\n    Energy\n    LEAD \u00b7 EIA DATA\n  \n  \n\n    \n\n      \nBLUF\n      \nPower prices on the US eastern grid increased 76% over the past year, directly attributed to AI datacenter demand by grid watchdogs. A grid watchdog report confirmed datacenters are the primary driver. This is a structural cost signal for any compute-intensive business with US eastern seaboard infrastructure.\n    \n\n    \nAI Datacenter Demand Drives 76% Power Price Surge on US Eastern Grid\n    \n\n      \nPower prices on PJM Interconnection \u2014 the largest US grid serving 65 million people from Illinois to New Jersey \u2014 increased approximately 76% over the past year. [TechCrunch 2026-05-15]\n      \nA grid watchdog report confirmed AI datacenters as the primary driver of demand growth, with hyperscaler facilities in Northern Virginia (Loudoun County) cited specifically. [TheRegister 2026-05-15]\n      \nNorthern Virginia hosts the largest concentration of datacenter capacity in the world \u2014 estimated 25%+ of all US datacenter square footage.\n      \nPJM grid operators have already notified hyperscalers that new datacenter connections will face multi-year interconnection queues in Virginia.\n      \nA separate report cited Silicon Valley (California) facing similar energy pressure from AI workloads, with a new energy provider search underway. [TechCrunch 2026-05-15]\n      \nCalifornia's grid is partially offset by the state's large battery storage capacity \u2014 a separate HN story noted California's battery array equals the output of 12 nuclear power plants. [HN 2026-05-16]\n    \n    \n\n      \nContext\n      \nA 76% power price increase on PJM is not a temporary spike \u2014 it reflects structural demand that has outpaced grid buildout. The interconnection queue constraint means new datacenter capacity cannot be added quickly, creating a supply ceiling. For hyperscalers already operating in Virginia, this is a margin compression signal. For AI inference providers pricing by token, power cost is a direct input to unit economics. For Supabase, which runs on AWS/GCP infrastructure, this pressure is partially absorbed by cloud providers but will eventually flow through to infrastructure cost increases. The California battery story (12 nuclear plants equivalent) shows the grid adaptation underway, but the pace of renewable/storage buildout is not matching the pace of AI demand growth.\n    \n    \n\n      \nOpen Questions\n      \n\n        \nAt what power price level does US-based AI inference become uncompetitive versus European or Asian facilities, and is that threshold close?\n        \nWill hyperscalers accelerate nuclear power purchase agreements (PPAs) \u2014 Microsoft, Google, and Amazon have all signed nuclear deals \u2014 faster than the interconnection queue resolves?\n      \n    \n\n    \nEIA US Grid Demand \u2014 May 16, 2026\n    \n\n      \n\n        \n          RegionTypePeriodValue (MWh)\n        \n        \n          US Lower 48Day-ahead demand forecast2026-05-164,343 (Arizona TZ)\n          US Lower 48Day-ahead demand forecast2026-05-164,340 (Central TZ)\n        \n      \n    \n    \n\n      \nNote\n      \nEIA regional data retrieved for May 16. Values represent day-ahead demand forecasts for the US lower 48 states. These are hourly forecast values; full daily totals require summing all 24 hourly intervals across all reporting regions. Saturday demand is typically below weekday peaks.\n    \n  \n\n\n    \n\n  \n\n    Analysis\n    SYNTHESIS\n  \n  \n\n    \n\n      \nBLUF\n      \nTwo converging structural shifts dominate today: AI inference efficiency is improving faster than AI infrastructure costs are rising, creating a window where capable agentic systems remain economically viable even as power prices surge. This window is probably 18\u201336 months wide before physical infrastructure constraints reassert pricing power.\n    \n\n    \n\n      \nAnalysis\n      \n\n        \nThe 76% power price surge on PJM and the Orthrus-Qwen3 7.8\u00d7 inference efficiency result are not unrelated. They represent opposite forces in the same system: physical infrastructure costs rising as AI demand outpaces grid buildout, while algorithmic efficiency improvements reduce the compute required per inference operation. The efficiency gains \u2014 Orthrus, speculative decoding, quantization \u2014 are running faster than the energy price increases for now. This creates a window where AI-intensive businesses can absorb energy cost increases through model optimization. That window is probably 18\u201336 months, after which grid expansion (nuclear PPAs, new interconnections) either resolves supply or forces geographic relocation of inference workloads.\n\n        \nOpenAI's ChatGPT personal finance launch with bank account connectivity is best read as a signal about where agentic product-market fit is being found, not as a competitive threat to financial institutions. The pattern \u2014 structured external data source, LLM as reasoning layer, actionable output \u2014 is replicable across every vertical with similar data density. OpenAI is demonstrating the template. Merlin's micro-SaaS factory is building the manufacturing capacity to replicate that template at scale across verticals before OpenAI's platform team can cover them. The probability that OpenAI builds 1,000 domain-specific agentic products in 18 months is approximately zero. The probability that a purpose-built factory can is the Merlin thesis.\n\n        \nThe AI-agents-creating-exploits benchmark is a second-order readiness signal. The first-order reading \u2014 agents can now create working exploits \u2014 matters for security posture. The second-order reading matters more: this capability was demonstrated using standard tool configurations, not adversarial setups. Any agentic system with code execution access is now presumptively capable of generating exploits. Merlin child agents running in OpenHands containers with broad tool access meet that description. The container security audit recommended in the Merlin section is not optional.\n\n        \nThe USS Gerald R. Ford's return after an 11-month deployment, combined with the Navy budget pressure signal on A-schools and reenlistment bonuses, describes a readiness degradation trajectory. The US is likely operating below sustainable carrier deployment tempo for the next 12\u201318 months as crews recover, budgets reset, and the personnel pipeline refills. This reduces available response capacity in the Middle East theater during that window \u2014 a constraint that Iran's reported plans to charge for Strait of Hormuz transit access may be calibrated against.\n\n        \nOn Merlin specifically: the four ArXiv papers this week \u2014 APWA, self-distilled agentic RL, MeMo, and future-based async function calling \u2014 are unusually coherent as a set. Each addresses a different bottleneck in the same architectural pattern (distributed agentic orchestration), and all four are deployable without model retraining. The probability that implementing APWA's dependency graph scheduling and the future-based async harness in the same sprint would double Merlin's Phase 1 factory throughput is assessed as likely (greater than 60%).\n      \n    \n  \n\n\n\n    \n\n      \nGenerated: 2026-05-16 \u00b7 ArXiv Window 6 of 13 \u00b7 Historical: 2026-03-28 to 2026-04-04\n      \nSections: AI Research, Merlin Intelligence, Military/Geo, Economic, Tech, Cybersecurity, Space, Energy, Analysis\n      \nOmitted: US News, Regulatory, Maritime, Podcasts (no fresh content)\n      \nLEADs: 2 \u00b7 INCLUDEs: 10 \u00b7 Merlin findings: 5 \u00b7 Dropped stale: 4 \u00b7 Dropped dedup: 0\n    \n  \n\n\n\n", "creation_timestamp": "2026-05-16T08:20:04.000000Z"}, {"uuid": "339f21b8-b29a-44ee-80cc-46676b2a9436", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/shortinfo.bsky.social/post/3mlydgyginn25", "content": "Microsoft confirmed active exploitation of a zero-day in on-premises Exchange Server. CVE-2026-42897 is an Outlook Web Access spoofing flaw rooted in cross-site scripting. A crafted email opened in OWA runs arbitrary JavaScript in the user session. Exchange Online is not affected.", "creation_timestamp": "2026-05-16T17:08:21.831608Z"}, {"uuid": "2205e8a8-c069-4af4-8d07-af904880329f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/happeningnow.news/post/3mlyljs4txo2p", "content": "CISA Adds One Known Exploited Vulnerability to Catalog\nCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-42897 Microsoft Exchange Server\u2026\n\n\ud83d\udd17 https://hnow.live/a/94a074a2", "creation_timestamp": "2026-05-16T19:31:17.441036Z"}, {"uuid": "fe3484ca-f51b-4b81-bd61-805d3ef8b0a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mlypqh2ubs2g", "content": "CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day\n\nMicrosoft warned that attackers are exploiting a new Exchange Server zero-day vulnerability, tracked as CVE-2026-42897, in the wild. Microsoft warned that threat actors are actively expl\u2026\n#hackernews #microsoft #news", "creation_timestamp": "2026-05-16T20:46:36.319039Z"}, {"uuid": "647e51b3-e143-47d9-b9c4-c6bddaeb368f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://t.me/thehackernews/9009", "content": "\ud83d\udea8 On-prem Microsoft Exchange Server CVE-2026-42897 is under active exploitation.\n\nThe CVSS 8.1 spoofing flaw stems from XSS and can allow arbitrary JavaScript execution when crafted emails are opened in Outlook Web Access under certain conditions.\n\nRead: https://thehackernews.com/2026/05/on-prem-microsoft-exchange-server-cve.html", "creation_timestamp": "2026-05-15T07:03:19.000000Z"}, {"uuid": "0b686398-48e8-4e8e-be6c-3d7922495901", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mlzcx6mem62h", "content": "Top 3 CVE for last 7 days:\nCVE-2026-42511: 56 interactions\nCVE-2026-46300: 56 interactions\nCVE-2026-42897: 51 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-45062: 11 interactions\nCVE-2020-17103: 8 interactions\nCVE-2026-46333: 5 interactions\n", "creation_timestamp": "2026-05-17T02:38:51.771618Z"}, {"uuid": "cd2c8739-80f1-4b3a-a923-e127d99226c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "published-proof-of-concept", "source": "Telegram/NIJT6QRadmo1sJAEeCWMHE7rPG3mvpUh79CJ74OVXUNIdhg", "content": "", "creation_timestamp": "2026-05-15T15:00:15.000000Z"}, {"uuid": "fe881ab7-edd9-4de6-8052-715a23edfcfd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "published-proof-of-concept", "source": "Telegram/q3bZ7dzwt6XdRM-jyUWUHYQhep0OmyjD4PHNSw542P5jdgA", "content": "", "creation_timestamp": "2026-05-15T15:00:07.000000Z"}, {"uuid": "2c46d961-0830-4bd2-9fe0-ce99554f1081", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "published-proof-of-concept", "source": "Telegram/bDRsekGT6KsUOKSAQI-KSXDhypQzzgL-gjqbTcCXe2h_h6A", "content": "", "creation_timestamp": "2026-05-15T21:00:05.000000Z"}, {"uuid": "1f06022f-b084-42e9-abae-c5c8cbb2755b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3mm3m2r7anq2q", "content": "CISA\u304c\u65e2\u77e5\u306e\u60aa\u7528\u3055\u308c\u305f\u8106\u5f31\u6027\u30921\u4ef6\u30ab\u30bf\u30ed\u30b0\u306b\u8ffd\u52a0 \n\nCISA Adds One Known Exploited Vulnerability to Catalog  #CISA (May 15)\n\nCVE-2026-42897 Microsoft Exchange Server\u306e\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0\u306e\u8106\u5f31\u6027 \n\nwww.cisa.gov/news-events/...", "creation_timestamp": "2026-05-18T00:18:45.832977Z"}, {"uuid": "8fe13576-864a-4eba-8cc3-1099df1ecad9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3mm3m67bnsz2f", "content": "\u30aa\u30f3\u30d7\u30ec\u30df\u30b9\u306eMicrosoft Exchange Server\u306e\u8106\u5f31\u6027CVE-2026-42897\u304c\u3001\u7d30\u5de5\u3055\u308c\u305f\u30e1\u30fc\u30eb\u3092\u4ecb\u3057\u3066\u60aa\u7528\u3055\u308c\u308b \n\nOn-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email  #HackerNews (May 15)\n\nthehackernews.com/2026/05/on-p...", "creation_timestamp": "2026-05-18T00:20:42.232531Z"}, {"uuid": "ef20e176-766e-4196-be87-f527abf147df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mm3tgsl54a2v", "content": "Top 3 CVE for last 7 days:\nCVE-2026-46300: 56 interactions\nCVE-2026-42897: 54 interactions\nCVE-2026-31431: 43 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2025-55182: 18 interactions\nCVE-2026-31635: 5 interactions\nCVE-2025-53892: 4 interactions\n", "creation_timestamp": "2026-05-18T02:30:46.405920Z"}, {"uuid": "37b0930e-0b16-4c38-8548-dda15b87e845", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/technieuwsvandaag.bsky.social/post/3mm3wmvk53k2a", "content": "Kritiek Exchange-lek actief misbruikt door aanvallers\n\nMicrosoft Exchange Server heeft een ernstig beveiligingslek. Het gaat om CVE-2026-42897, een kwetsbaarheid in Outlook Web Access (OWA).\n\n#ExchangeServer #XSS #OWA", "creation_timestamp": "2026-05-18T03:28:04.743903Z"}, {"uuid": "9c6200f3-fdc8-4a1b-9a7e-269d91a373e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "Telegram/iPSglpAGsfjEfnMpqgxwDepKiB54uRFWCtz84IdptregMA", "content": "", "creation_timestamp": "2026-05-15T11:47:48.000000Z"}, {"uuid": "999d0e86-9244-41ad-b400-5db33cc37d0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42897", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mly6h35ewn26", "content": "\ud83d\udccc Zero-Day Vulnerability CVE-2026-42897 Actively Exploited in Microsoft Exchange Server https://www.cyberhub.blog/article/26030-zero-day-vulnerability-cve-2026-42897-actively-exploited-in-microsoft-exchange-server", "creation_timestamp": "2026-05-16T15:37:08.607746Z"}, {"uuid": "75f7290a-095e-44d4-84d2-5fd7cd34b799", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/thecybermind.co/post/3mlzwce2shz26", "content": "This week\u2019s intelligence brief covers active exploitation of Cisco SD-WAN (CVE-2026-20182), Microsoft Exchange CVE-2026-42897, PAN-OS RCE, AI-driven vulnerability discovery acceleration, SaaS tenant failures, and the emerging risks of autonomous AI agents inside enterprise environments.", "creation_timestamp": "2026-05-17T08:18:49.188324Z"}, {"uuid": "763c9c6c-c253-410f-82ad-81dfee6a78de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mm2jk2y7g22n", "content": "\ud83d\udfe0 CVE-2026-42897 - High (8.1)\n\nImproper neutralization of input during web page generation ('cross-site scripting') in Microsoft...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42897/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-17T14:00:59.190300Z"}, {"uuid": "36852772-89e6-4683-babf-877ab37e80c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mm2ovz774y2v", "content": "\ud83d\udccc CVE-2026-42897 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to p... https://www.cyberhub.blog/cves/CVE-2026-42897", "creation_timestamp": "2026-05-17T15:37:08.130309Z"}, {"uuid": "71fdf8e9-eb0d-4bd6-8547-f77f62426af0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/cerberusit.bsky.social/post/3mm4bhkbw6r2c", "content": "Microsoft and CISA are practically begging us to fix CVE-2026-42897 before the entire internet moves into our local Exchange 2016 and 2019 servers. This affects every organization still clinging to the dream of hosting their own email infrastructure instead of outsourcing the hea...\n\nRead full story", "creation_timestamp": "2026-05-18T06:41:43.331404Z"}, {"uuid": "d04d1512-cf25-457b-b4b3-deb5c511e362", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://gist.github.com/stone776/05f580110d53f6162cb97ec0e6362231", "content": "\n\n\n    \n    \n    TARDIS Intelligence Briefing -- 2026-05-18\n    \n    \n        *, *::before, *::after { margin: 0; padding: 0; box-sizing: border-box; }\n\n        :root {\n            --tardis-deep: #020b18;\n            --tardis-dark: #061627;\n            --tardis-mid: #0c2240;\n            --tardis-surface: #0f2a4a;\n            --tardis-panel: #132f52;\n            --tardis-edge: #1a3d66;\n            --tardis-blue: #1e6fba;\n            --tardis-blue-bright: #3498db;\n            --tardis-blue-glow: rgba(52, 152, 219, 0.15);\n            --tardis-gold: #f4c430;\n            --tardis-gold-dim: rgba(244, 196, 48, 0.12);\n            --tardis-amber: #e89e2d;\n            --tardis-green: #50c878;\n            --tardis-green-soft: rgba(80, 200, 120, 0.12);\n            --tardis-red: #e74c3c;\n            --tardis-text: #c8dce8;\n            --tardis-text-dim: #7a9ab8;\n            --tardis-text-muted: #4a6a85;\n        }\n\n        body {\n            background: var(--tardis-deep);\n            color: var(--tardis-text);\n            font-family: 'Rajdhani', sans-serif;\n            font-weight: 400;\n            min-height: 100vh;\n            line-height: 1.55;\n        }\n\n        ::-webkit-scrollbar { width: 5px; }\n        ::-webkit-scrollbar-track { background: var(--tardis-deep); }\n        ::-webkit-scrollbar-thumb { background: var(--tardis-edge); border-radius: 3px; }\n\n        .console-header {\n            background: var(--tardis-dark);\n            border-bottom: 2px solid var(--tardis-blue);\n            padding: 16px 36px;\n            display: flex;\n            align-items: center;\n            justify-content: space-between;\n            position: relative;\n            overflow: hidden;\n        }\n\n        .console-header::before {\n            content: '';\n            position: absolute;\n            top: 0; left: 0; right: 0;\n            height: 2px;\n            background: linear-gradient(90deg, transparent 0%, var(--tardis-blue-bright) 30%, var(--tardis-gold) 50%, var(--tardis-blue-bright) 70%, transparent 100%);\n        }\n\n        .console-brand { display: flex; align-items: center; gap: 14px; }\n\n        .tardis-icon {\n            width: 38px; height: 38px;\n            border: 2px solid var(--tardis-blue);\n            border-radius: 4px;\n            display: flex; align-items: center; justify-content: center;\n            background: var(--tardis-mid);\n            flex-shrink: 0;\n        }\n\n        .tardis-icon::before {\n            content: '';\n            width: 10px; height: 10px;\n            background: var(--tardis-gold);\n            border-radius: 50%;\n        }\n\n        .console-title-block { display: flex; flex-direction: column; gap: 2px; }\n\n        .console-title {\n            font-family: 'Orbitron', sans-serif;\n            font-size: 1.05em; font-weight: 700;\n            text-transform: uppercase; letter-spacing: 0.14em;\n            color: var(--tardis-gold);\n        }\n\n        .console-subtitle {\n            font-family: 'Share Tech Mono', monospace;\n            font-size: 0.7em; color: var(--tardis-text-dim);\n            text-transform: uppercase; letter-spacing: 0.18em;\n        }\n\n        .console-readout { display: flex; align-items: center; gap: 24px; }\n\n        .readout-date {\n            font-family: 'Share Tech Mono', monospace;\n            font-size: 1.1em; color: var(--tardis-gold); letter-spacing: 0.06em;\n        }\n\n        .readout-classification {\n            font-family: 'Orbitron', sans-serif;\n            font-size: 0.62em; font-weight: 700;\n            text-transform: uppercase; letter-spacing: 0.12em;\n            color: var(--tardis-text-dim);\n            background: var(--tardis-mid);\n            border: 1px solid var(--tardis-edge);\n            padding: 5px 14px; border-radius: 3px;\n        }\n\n        .weather-readout {\n            font-family: 'Share Tech Mono', monospace;\n            color: var(--tardis-text-dim); font-size: 0.85rem; letter-spacing: 0.5px;\n        }\n\n        .page-layout {\n            display: grid;\n            grid-template-columns: 200px 1fr;\n            min-height: calc(100vh - 74px);\n        }\n\n        .nav-sidebar {\n            background: var(--tardis-dark);\n            border-right: 1px solid var(--tardis-edge);\n            padding: 28px 0;\n            position: sticky; top: 0;\n            height: calc(100vh - 74px);\n            overflow-y: auto;\n        }\n\n        .nav-sidebar::-webkit-scrollbar { width: 3px; }\n        .nav-sidebar::-webkit-scrollbar-thumb { background: var(--tardis-edge); }\n\n        .nav-label {\n            font-family: 'Orbitron', sans-serif;\n            font-size: 0.58em; font-weight: 700;\n            text-transform: uppercase; letter-spacing: 0.2em;\n            color: var(--tardis-text-muted);\n            padding: 0 20px 12px;\n        }\n\n        .nav-item {\n            display: flex; align-items: center; gap: 10px;\n            padding: 9px 20px; cursor: pointer;\n            border-left: 3px solid transparent;\n            text-decoration: none;\n            color: var(--tardis-text-dim);\n            font-family: 'Rajdhani', sans-serif;\n            font-size: 0.85em; font-weight: 500; line-height: 1.2;\n        }\n\n        .nav-item:hover {\n            color: var(--tardis-text);\n            background: var(--tardis-mid);\n            border-left-color: var(--tardis-blue-bright);\n        }\n\n        .nav-num {\n            font-family: 'Share Tech Mono', monospace;\n            font-size: 0.78em; color: var(--tardis-text-muted);\n            width: 18px; text-align: right; flex-shrink: 0;\n        }\n\n        .nav-divider { height: 1px; background: var(--tardis-edge); margin: 12px 20px; }\n\n        .main-content { padding: 32px 40px 60px; max-width: 900px; }\n\n        .section-chrome {\n            border: 1px solid var(--tardis-edge);\n            border-radius: 6px; overflow: hidden;\n            background: var(--tardis-dark);\n            margin-bottom: 28px;\n        }\n\n        .section-chrome-header {\n            background: var(--tardis-mid);\n            padding: 11px 18px;\n            display: flex; align-items: center; justify-content: space-between;\n            border-bottom: 1px solid var(--tardis-edge);\n        }\n\n        .section-chrome-label {\n            font-family: 'Orbitron', sans-serif;\n            font-size: 0.68em; font-weight: 700;\n            text-transform: uppercase; letter-spacing: 0.16em;\n            color: var(--tardis-text);\n            display: flex; align-items: center; gap: 9px;\n        }\n\n        .label-indicator {\n            width: 7px; height: 7px; border-radius: 50%;\n            background: var(--tardis-green); flex-shrink: 0;\n        }\n\n        .label-indicator.gold { background: var(--tardis-gold); }\n        .label-indicator.blue { background: var(--tardis-blue-bright); }\n        .label-indicator.red { background: var(--tardis-red); }\n        .label-indicator.amber { background: var(--tardis-amber); }\n\n        .section-chrome-badge {\n            font-family: 'Share Tech Mono', monospace;\n            font-size: 0.72em; color: var(--tardis-text-dim);\n            background: var(--tardis-dark);\n            padding: 2px 9px; border-radius: 3px;\n            border: 1px solid var(--tardis-edge);\n        }\n\n        .section-chrome-body { padding: 22px 24px; }\n\n        .bluf-block {\n            border-left: 3px solid var(--tardis-gold);\n            background: var(--tardis-gold-dim);\n            padding: 12px 16px; margin-bottom: 18px;\n            border-radius: 0 4px 4px 0;\n        }\n\n        .bluf-label {\n            font-family: 'Orbitron', sans-serif;\n            font-size: 0.58em; font-weight: 700;\n            text-transform: uppercase; letter-spacing: 0.2em;\n            color: var(--tardis-gold); margin-bottom: 5px;\n        }\n\n        .bluf-text {\n            font-family: 'Rajdhani', sans-serif;\n            font-size: 1.05em; font-weight: 600;\n            color: var(--tardis-text); line-height: 1.4;\n        }\n\n        .fact-list { list-style: none; margin-bottom: 16px; }\n\n        .fact-list li {\n            font-size: 0.97em; font-weight: 500;\n            color: var(--tardis-text);\n            padding: 5px 0 5px 18px; position: relative;\n            line-height: 1.45;\n            border-bottom: 1px solid rgba(26, 61, 102, 0.35);\n        }\n\n        .fact-list li:last-child { border-bottom: none; }\n\n        .fact-list li::before {\n            content: ''; position: absolute;\n            left: 0; top: 13px;\n            width: 6px; height: 6px;\n            border: 1px solid var(--tardis-blue-bright);\n            border-radius: 1px; transform: rotate(45deg);\n        }\n\n        .fact-list .source-tag {\n            font-family: 'Share Tech Mono', monospace;\n            font-size: 0.78em; color: var(--tardis-text-muted); font-weight: 400;\n        }\n\n        .context-block {\n            background: var(--tardis-surface);\n            border: 1px solid var(--tardis-edge);\n            border-radius: 4px; padding: 12px 16px; margin-bottom: 14px;\n        }\n\n        .context-label {\n            font-family: 'Orbitron', sans-serif;\n            font-size: 0.58em; font-weight: 700;\n            text-transform: uppercase; letter-spacing: 0.18em;\n            color: var(--tardis-text-muted); margin-bottom: 6px;\n        }\n\n        .context-text {\n            font-family: 'Rajdhani', sans-serif;\n            font-size: 0.93em; color: var(--tardis-text-dim); line-height: 1.5;\n        }\n\n        .open-questions { margin-top: 12px; }\n\n        .open-questions-label {\n            font-family: 'Orbitron', sans-serif;\n            font-size: 0.58em; font-weight: 700;\n            text-transform: uppercase; letter-spacing: 0.18em;\n            color: var(--tardis-text-muted); margin-bottom: 7px;\n        }\n\n        .open-questions ul { list-style: none; }\n\n        .open-questions li {\n            font-family: 'Rajdhani', sans-serif;\n            font-size: 0.9em; color: var(--tardis-text-dim);\n            font-style: italic;\n            padding: 3px 0 3px 14px; position: relative;\n        }\n\n        .open-questions li::before {\n            content: '?'; position: absolute; left: 0;\n            font-family: 'Share Tech Mono', monospace;\n            font-size: 0.85em; color: var(--tardis-amber); font-style: normal;\n        }\n\n        .data-table-wrap { overflow-x: auto; margin-bottom: 16px; }\n\n        table { width: 100%; border-collapse: collapse; font-size: 0.9em; }\n        thead { background: var(--tardis-surface); }\n\n        th {\n            font-family: 'Orbitron', sans-serif;\n            font-size: 0.62em; font-weight: 700;\n            text-transform: uppercase; letter-spacing: 0.12em;\n            color: var(--tardis-text-dim);\n            padding: 9px 14px; text-align: left;\n            border-bottom: 1px solid var(--tardis-edge); white-space: nowrap;\n        }\n\n        td {\n            font-family: 'Share Tech Mono', monospace;\n            font-size: 0.88em; color: var(--tardis-text);\n            padding: 8px 14px;\n            border-bottom: 1px solid rgba(26, 61, 102, 0.4); line-height: 1.35;\n        }\n\n        td.label-cell {\n            font-family: 'Rajdhani', sans-serif;\n            font-size: 0.93em; font-weight: 600; color: var(--tardis-text-dim);\n        }\n\n        td.positive { color: var(--tardis-green); }\n        td.negative { color: var(--tardis-red); }\n        td.neutral { color: var(--tardis-text-muted); }\n        tr:hover td { background: rgba(12, 34, 64, 0.5); }\n\n        .kev-block {\n            background: rgba(231, 76, 60, 0.07);\n            border: 1px solid rgba(231, 76, 60, 0.25);\n            border-radius: 4px; padding: 12px 16px; margin-bottom: 14px;\n        }\n\n        .kev-label {\n            font-family: 'Orbitron', sans-serif;\n            font-size: 0.6em; font-weight: 700;\n            text-transform: uppercase; letter-spacing: 0.18em;\n            color: var(--tardis-red); margin-bottom: 8px;\n        }\n\n        .kev-entry {\n            font-family: 'Rajdhani', sans-serif;\n            font-size: 0.93em; color: var(--tardis-text);\n            padding: 4px 0;\n            border-bottom: 1px solid rgba(231, 76, 60, 0.15); line-height: 1.4;\n        }\n\n        .kev-entry:last-child { border-bottom: none; }\n\n        .kev-cve {\n            font-family: 'Share Tech Mono', monospace;\n            font-size: 0.88em; color: var(--tardis-red); font-weight: 400;\n        }\n\n        .kev-none {\n            font-family: 'Rajdhani', sans-serif;\n            font-size: 0.93em; color: var(--tardis-text-muted); font-style: italic;\n        }\n\n        .story-headline {\n            font-family: 'Rajdhani', sans-serif;\n            font-size: 1.08em; font-weight: 700;\n            color: var(--tardis-blue-bright);\n            margin: 16px 0 8px 0; line-height: 1.3;\n        }\n\n        .priority-high { color: var(--tardis-red); font-weight: 700; }\n        .priority-medium { color: var(--tardis-amber); font-weight: 700; }\n        .priority-explore { color: var(--tardis-green); font-weight: 700; }\n\n        .finding { margin-bottom: 20px; }\n        .finding-title { font-family: 'Rajdhani', sans-serif; font-size: 1.08em; font-weight: 700; color: var(--tardis-blue-bright); margin: 16px 0 8px 0; line-height: 1.3; }\n        .finding-body p { font-size: 0.95em; color: var(--tardis-text); line-height: 1.5; margin-bottom: 8px; }\n        .finding-body code { font-family: 'Share Tech Mono', monospace; font-size: 0.88em; color: var(--tardis-amber); background: rgba(232,158,45,0.1); padding: 1px 5px; border-radius: 3px; }\n\n        #s13 .section-chrome-header { background: var(--tardis-gold-dim); border-bottom-color: rgba(244,196,48,0.25); }\n        #s13 { border-color: var(--tardis-gold); }\n        #s13 .section-chrome-body p { font-size: 0.97em; color: var(--tardis-text); line-height: 1.6; margin-bottom: 1.1em; }\n\n        .metadata-footer {\n            background: var(--tardis-dark);\n            border-top: 1px solid var(--tardis-edge);\n            padding: 18px 40px; margin-top: 8px;\n        }\n\n        .metadata-grid { display: flex; flex-wrap: wrap; gap: 20px 36px; }\n\n        .metadata-item { display: flex; flex-direction: column; gap: 2px; }\n\n        .metadata-key {\n            font-family: 'Orbitron', sans-serif;\n            font-size: 0.55em; font-weight: 700;\n            text-transform: uppercase; letter-spacing: 0.18em;\n            color: var(--tardis-text-muted);\n        }\n\n        .metadata-value {\n            font-family: 'Share Tech Mono', monospace;\n            font-size: 0.82em; color: var(--tardis-text-dim);\n        }\n    \n\n\n\n\n\n    \n\n        \n\n        \n\n            \nIntelligence Briefing\n            \nOSINT-First / IC Editorial Standards / CLAUDE Synthesis\n        \n    \n    \n\n        \n2026-05-18 / MONDAY\n        \nOSINT Only\n        \nOvercast | 56–68°F · La Jolla\n    \n\n\n\n\n\n    \n\n        \nSections\n        01 AI Research\n        02 Merlin Intel\n        03 Military / Geo\n        04 Economic\n        05 Tech Industry\n        06 Cybersecurity\n        07 Regulatory\n        08 Space\n        \n\n        AI Analysis\n        // Metadata\n    \n\n    \n\n\n\n\n  \n\n    \n\n      \n      01 / AI Research\n    \n    \nAI-RESEARCH\n  \n  \n\n    \n\n      \nBLUF\n      \nFour papers this window address agent memory and decision quality: FORGE enables self-improving memory without weight updates; Look Before You Leap documents premature exploitation as the dominant agent failure mode; and arXiv's enforcement of a 1-year author ban signals that AI-generated research flooding will be institutionally suppressed before it degrades signal quality in these feeds.\n    \n\n    \nFORGE: Self-Evolving Agent Memory Without Weight Updates via Population Broadcast\n    \n\n      \nLLM agents improve decision-making quality through self-generated memory shared via Population Broadcast, requiring no gradient updates or fine-tuning. [ArXiv cs.AI, 2026-05-15]\n      \nSuccessful decision patterns are broadcast to a shared population memory store; subsequent agent instances retrieve and apply relevant patterns before acting.\n      \nThe mechanism operates entirely at the prompt and retrieval layer \u2014 compatible with any inference API including ChatGPT Pro OAuth.\n      \nEvaluated across sequential decision tasks; agents with Population Broadcast access consistently outperform agents with no memory or standard in-context memory on novel task variants.\n    \n\n    \nLook Before You Leap: Premature Exploitation Is the Primary LLM Agent Failure Mode\n    \n\n      \nLLM agents fail in unfamiliar environments primarily due to premature exploitation of limited initial context \u2014 acting on insufficient state rather than first exploring environment structure. [ArXiv cs.AI, 2026-05-15]\n      \nThe paper proposes an autonomous exploration phase before commitment: agents survey available actions, tools, and resources before generating an execution plan.\n      \nThe failure mode is distinct from hallucination \u2014 agents are using accurate context but incomplete context, leading to locally-optimal but globally-suboptimal plans.\n      \nExploration-first agents show improved success rates across unfamiliar tool-use environments; the cost is additional tokens upfront.\n    \n\n    \nRecMem: Recurrence-Based Memory Consolidation for Long-Running LLM Agents\n    \n\n      \nExternal memory systems for long-running user-agent interactions benefit from recurrence-based consolidation rather than flat retrieval \u2014 periodic summarization of interaction history improves retrieval precision at scale. [ArXiv cs.AI, 2026-05-15]\n      \nThe paper addresses memory degradation in agents that accumulate hundreds of interaction records \u2014 flat retrieval over a large memory corpus degrades precision over time.\n      \nRecurrent consolidation produces hierarchical memory summaries; retrieval operates against summary layers rather than raw interaction records for distant history.\n    \n\n    \narXiv Institutes 1-Year Author Ban for AI-Generated Papers \u2014 Integrity Enforcement Escalates\n    \n\n      \narXiv has announced a 1-year submission ban for authors who submit papers where AI systems performed all substantive research and writing work. [TechCrunch, 2026-05-16]\n      \nThe policy targets papers where the human contribution is limited to prompt engineering or light editing \u2014 not papers that use AI as a writing tool with substantial human intellectual contribution.\n      \nPCMag reports arXiv framed the enforcement as a response to submission volume growth straining reviewer capacity and degrading signal quality across the repository.\n      \nThe policy does not prevent AI-assisted research; it targets fully AI-generated submissions. Enforcement relies on human reviewer flagging and author attestation.\n    \n\n    \n\n      \nContext\n      \nThree of the four LEAD and INCLUDE papers this window address the same fundamental problem: agents operating on incomplete or degrading context. FORGE addresses it with shared memory accumulation. Look Before You Leap addresses it with mandatory exploration. RecMem addresses it with hierarchical consolidation for long-running sessions. The convergence suggests an emerging consensus that context completeness \u2014 not model capability \u2014 is the primary lever for agent reliability. The arXiv enforcement decision is a signal that the research pipeline itself is under institutional pressure; the volume of AI-generated submissions had become sufficient to require policy intervention.\n    \n\n    \n\n      \nOpen Questions\n      \n\n        \nFORGE's Population Broadcast requires a shared memory store accessible across agent instances. For multi-tenant agent deployments, what isolation model prevents cross-customer pattern leakage?\n        \nDoes the arXiv ban apply retroactively to already-submitted papers, or only prospectively? If retroactive, what happens to citations of flagged papers?\n      \n    \n  \n\n\n\n\n\n  \n\n    \n\n      \n      02 / Merlin Intelligence\n    \n    \nMERLIN\n  \n  \n\n\n    \n\n      \nBLUF\n      \nFORGE's Population Broadcast mechanism resolves a core Phase 1 gap: the orchestrator now has a zero-infrastructure path to accumulate and query learned decision patterns across cycles \u2014 implement as a decision_trace artifact type before Phase 2.\n    \n\n    \n[HIGH] FORGE Population Broadcast \u2014 Close the Blackboard Self-Learning Loop\n    \n\n      \nFORGE (ArXiv 2026-05-15, cs.AI) demonstrates LLM agents improving decision-making through self-generated memory without gradient updates or fine-tuning. [ArXiv cs.AI 2026-05-15]\n      \nAgents broadcast successful decision patterns to a shared population memory store; future instances query this store before acting. The mechanism is entirely prompt and retrieval \u2014 no model changes required.\n      \nMerlin's orchestrator currently starts cold on every cycle: no feedback from successful prior runs flows back into dispatch decisions. Each orchestrator invocation re-derives strategy from blackboard state alone.\n      \nFORGE maps directly to Merlin's architecture: each completed orchestrator cycle with Judge confidence \u2265 92 writes a decision_trace artifact (action_taken, why, outcome, confidence) to blackboard_artifacts. Orchestrator skill queries top-5 similar traces via pgvector before dispatching child agents.\n    \n    \n\n      \nImplementation\n      \nTarget: blackboard_artifacts schema + merlin_orchestrator skill. Action: Add decision_trace artifact type; modify orchestrator SKILL.md to query similar traces as first step. Zero new infrastructure \u2014 pgvector similarity search already exists. Priority: [HIGH] \u2014 this sprint. Implements a Phase 3 (Evolver) capability at Phase 1 schema cost.\n    \n\n    \n[HIGH] OpenClaw agent-reflect \u2014 Port Conversation-Analysis Self-Improvement to Merlin Evolver\n    \n\n      \nOpenClaw (formerly Warelay, VoltAgent umbrella) has shipped an agent-reflect skill that performs self-improvement through systematic conversation analysis. [The Register / Simon Willison, 2026-05-17]\n      \nThe skill reviews prior agent conversations, identifies recurring failure modes and successful patterns, and proposes targeted skill prompt updates. The awesome-openclaw-skills repository (VoltAgent/awesome-openclaw-skills) is publicly inspectable.\n      \nMerlin's Evolver is designed to run weekly but currently requires human-triggered review. OpenClaw's pattern automates this loop at the skill layer.\n      \nThe decision_trace artifacts from FORGE implementation above provide the input corpus. Evolver reads the last N traces, identifies low-confidence patterns, and proposes SKILL.md patches as blackboard artifacts for human review before application.\n    \n    \n\n      \nImplementation\n      \nTarget: skills/build/merlin_evolver/SKILL.md (create). Action: Inspect VoltAgent/awesome-openclaw-skills for agent-reflect structure. Port the analysis loop \u2014 input: decision_trace artifacts; output: proposed SKILL.md diff artifact for human review. Priority: [HIGH] \u2014 closes the Phase 1 factory self-improvement loop before Phase 2.\n    \n\n    \n[MEDIUM] Look Before You Leap \u2014 Mandate Blackboard Survey Before Child Agent Dispatch\n    \n\n      \nArXiv 2026-05-15 (cs.AI) documents that LLM agents fail in unfamiliar environments due to premature exploitation of limited initial context. An explicit exploration phase before commitment improves outcomes measurably. [ArXiv cs.AI 2026-05-15]\n      \nMerlin's orchestrator reads the blackboard and dispatches specialists based on current artifact state. After multi-day pauses or when entering a new product domain, it may act on incomplete context.\n      \nFix: add an orientation query as the mandatory first step in each orchestrator cycle \u2014 retrieve the 20 most recent artifacts by timestamp before generating the dispatch plan. Existing pgvector infrastructure handles this; it requires a SKILL.md edit, not a code change.\n    \n    \n\n      \nImplementation\n      \nTarget: merlin_orchestrator SKILL.md. Action: Prepend orientation step \u2014 SELECT artifact_name, version, timestamp FROM blackboard_artifacts WHERE product_id = ? ORDER BY timestamp DESC LIMIT 20 \u2014 summarize state before dispatching. Priority: [MEDIUM] \u2014 low cost, reduces cold-start failures in multi-day lifecycle runs.\n    \n\n    \n[EXPLORE] Argus Evidence Assembly \u2014 Research Pipeline Parallelization Pattern\n    \n\n      \nArgus (ArXiv 2026-05-15, cs.AI) introduces evidence assembly for deep research agents: spawn N evidence gatherers in parallel, write fragments to shared memory, then a synthesis agent assembles the final output. Even low-context agents achieve significant research progress when evidence is pre-assembled. [ArXiv cs.AI 2026-05-15]\n      \nMerlin's research pipeline currently runs serially \u2014 one research agent executes a full research task. Argus suggests replacing this with parallel gatherers writing fragment artifacts to the blackboard, then a single synthesis pass.\n      \nPrototype the pattern in one research skill before committing to pipeline refactor. Measure quality delta.\n    \n    \n\n      \nImplementation\n      \nTarget: skills/research/ pipeline. Action: Spike the Argus pattern on one research skill \u2014 Planner decomposes into 3-5 evidence subtasks, parallel Gatherer agents write fragment artifacts, Synthesis agent assembles. Priority: [EXPLORE] \u2014 improvement, not a blocker. Existing research pipeline is functional.\n    \n\n    \n\n      \nOpen Questions\n      \n\n        \nFORGE's population broadcast queries happen before every dispatch decision. Merlin's $0 LLM constraint (ChatGPT Pro OAuth) limits concurrent calls. How many similarity lookups per cycle are sustainable before hitting ChatGPT rate limits at scale?\n        \nOpenClaw's agent-reflect analyzes conversation transcripts. Merlin logs to otel_spans, not conversation logs. Is span content sufficient signal for the Evolver, or does a separate conversation_log table need to be added to the blackboard schema?\n      \n    \n\n  \n\n\n\n\n\n  \n\n    \n\n      \n      03 / Military & Geopolitical\n    \n    \nGEO\n  \n  \n\n    \n\n      \nBLUF\n      \nRussian forces are assessed with moderate confidence to be regrouping along the Ukraine front line ahead of a significant push, per Ukraine military reporting from today \u2014 a trajectory signal, not a routine update.\n    \n\n    \nRussian Forces Regrouping Along Ukraine Front Line Ahead of Potential Offensive\n    \n\n      \nUkraine's military reported today that Russian forces are regrouping along the front line, described as preparation ahead of a potential significant offensive push. [Reuters, 2026-05-18]\n      \nReuters reporting describes the front line as a \"kill-zone\" where new weapons \u2014 including first-person-view drones and precision artillery \u2014 have transformed the tactical engagement pattern on both sides.\n      \nRussia's regrouping follows a period of attritional advances across multiple sectors; a regrouping phase before a concentrated push is consistent with prior Russian operational patterns in this conflict.\n      \nNo specific sector or timeline has been confirmed. The report is based on Ukraine military characterization; independent verification of regrouping disposition is not available from open sources as of this briefing.\n    \n\n    \n\n      \nContext\n      \nThe structural significance is the phase transition signal: attritional grinding to consolidation-and-push represents a change in Russian operational tempo. If accurate, the implication is an elevated-intensity period on the front within weeks, not months. Prior briefings covered the CENTCOM three-carrier posture and Iran blockade; the Ukraine theater has been stable-to-deteriorating for Marc's interests primarily as a macro risk factor (European energy, semiconductor supply chains, US defense spending trajectory).\n    \n\n    \n\n      \nOpen Questions\n      \n\n        \nWhich specific front sectors are showing regrouping indicators \u2014 Zaporizhzhia, Kherson, or Donetsk axis? The answer changes the strategic read on Russia's operational objective.\n        \nHas NATO changed any force readiness posture in response to the regrouping assessment, or is this currently a Ukraine-reported signal without allied corroboration?\n      \n    \n  \n\n\n\n\n\n  \n\n    \n\n      \n      05 / Economic\n    \n    \nECON\n  \n  \n\n    \n\n      \nBLUF\n      \nMacro indicators remain benign: yield curve positive, VIX calm, jobless claims stable, credit spreads low. No recession signal. Baltic Dry at a five-month high suggests trade demand is recovering.\n    \n\n    \nFRED Indicators \u2014 Week of May 18, 2026\n    \n\n      \nT10Y2Y (10Y\u20132Y Treasury Spread): +0.50 as of May 15. Plain English: the yield curve is positively sloped \u2014 longer-term rates exceed short-term rates. A positive spread means bond markets are not pricing a near-term recession. Baseline range: +50 to +200bp is normal; inversion below 0 signals recession risk. Current reading is at the low end of normal \u2014 healthy but not exuberant. YoY comparison: +0.52 (Apr 30) \u2014 essentially flat, no trend change. [FRED T10Y2Y, 2026-05-15]\n      \nVIXCLS (VIX Volatility Index): 17.26 as of May 14. Plain English: market participants are pricing moderate uncertainty, not fear. VIX below 20 is considered calm. Current reading is within the normal range (15\u201325). YoY: 18.81 (Apr 29) \u2014 slightly declined, markets marginally calmer. [FRED VIXCLS, 2026-05-14]\n      \nWM2NS (M2 Money Supply): $23.12 trillion as of Apr 6. Plain English: total money in circulation including bank deposits. Growth signals potential inflationary pressure; contraction signals tightening. Baseline: ~$20\u201322T was the pre-excess range. Current $23.1T is above baseline, reflecting continued monetary expansion. YoY: $22.45T (Jan 19, 2026) \u2014 M2 increased ~$670B over roughly 4 months, moderate growth. [FRED WM2NS, 2026-04-06]\n      \nICSA (Initial Jobless Claims): 211,000 for week ending May 9. Plain English: weekly new unemployment filings. Below 250k is considered healthy labor market conditions. 211k is well within normal range. YoY: 211,000 (Feb 21) \u2014 labor market stability unchanged over three months. [FRED ICSA, 2026-05-09]\n      \nGS10 (10-Year Treasury Yield): 4.32% as of Apr 1. Plain English: the benchmark borrowing rate for mortgages, corporate bonds, and government debt. Above 4% reflects Fed restraint \u2014 not yet cutting rates aggressively. YoY: 4.42% (May 2025) \u2014 yield slightly lower year-over-year; mild easing trend. [FRED GS10, 2026-04-01]\n      \nSOFR (Secured Overnight Financing Rate): 3.56% as of May 14. Plain English: the overnight interbank lending rate, Fed funds proxy. Current 3.56% reflects the prevailing Fed funds target range. YoY: 3.63% (Apr 29) \u2014 modest drift lower, consistent with expectations for limited rate cuts. [FRED SOFR, 2026-05-14]\n      \nBAMLH0A0HYM2 (High Yield OAS): 2.76% as of May 14. Plain English: the extra yield investors demand to hold junk bonds vs. Treasuries. Higher spreads signal credit stress; lower spreads signal confidence. 2.76% is low \u2014 below the 3\u20135% normal range \u2014 indicating credit markets are not pricing distress. YoY: 2.82% (Apr 29) \u2014 essentially flat. [FRED BAMLH0A0HYM2, 2026-05-14]\n      \nBAMLH0A3HYC (CCC High Yield OAS): 9.22% as of May 14. Plain English: spreads for the most speculative-grade debt. Distress threshold is above 10%. 9.22% is approaching but below the distress threshold. YoY: 9.09% (Apr 29) \u2014 slight widening, worth monitoring. [FRED BAMLH0A3HYC, 2026-05-14]\n      \nICSA / M2 / GS10 combined read: Labor stable, money supply growing moderately, rates elevated but easing slowly, spreads tight. The macro configuration is a soft-landing continuation \u2014 no acceleration signal in either direction. [FRED composite, 2026-05]\n    \n\n    \nBaltic Dry Index at Five-Month High\n    \n\n      \nThe Baltic Exchange dry bulk freight index reached a five-month high this week, with broad gains across Handysize, Supramax, and Panamax vessel types. [Baltic Exchange via Brave Search, 2026-05-14]\n      \nCapesize rates declined despite the headline gain \u2014 the five-month high is driven by smaller vessel segments, which track general cargo and grain trade rather than iron ore and coal.\n      \nA Baltic Dry recovery after the early-2026 weakness is consistent with restocking demand in European and Asian markets; not a signal of a broad commodity super-cycle.\n    \n\n    \n\n      \nContext\n      \nThe macro picture this week is a continuation of the soft-landing scenario that has held since late 2025: labor stable, credit untroubled, yield curve positive, inflation expectations anchored near 3.5%. The CCC spread drift (9.22% vs. 9.09% a month ago) is the one indicator worth watching \u2014 if it crosses 10%, it signals speculative credit deterioration. For Supabase planning purposes, the current environment supports continued developer spending; no macro-driven customer contraction signal.\n    \n  \n\n\n\n\n\n  \n\n    \n\n      \n      06 / Tech\n    \n    \nTECH\n  \n  \n\n    \n\n      \nBLUF\n      \nSupabase-js holds 16.1M weekly downloads \u2014 2.1\u00d7 Firebase, 1.27\u00d7 Prisma \u2014 with all growth rates healthy. Drizzle-orm continues accelerating. No competitive threat signal in this week's data.\n    \n\n    \nDeveloper Ecosystem: npm Download Trends \u2014 Week of May 18, 2026\n    \n\n      \n@supabase/supabase-js: 16.05M weekly / 78.9M monthly. Weekly growth rate: 16.05M \u00f7 (78.9M \u00f7 4.33) = 0.88\u00d7 \u2014 slightly below the 1.0 threshold. Monthly trend stable. [npm, 2026-05-18]\n      \nprisma: 12.67M weekly / 46.6M monthly. Weekly growth rate: 12.67M \u00f7 (46.6M \u00f7 4.33) = 1.18\u00d7 \u2014 above 1.0, healthy weekly momentum. [npm, 2026-05-18]\n      \ndrizzle-orm: 9.52M weekly / 35.3M monthly. Weekly growth rate: 9.52M \u00f7 (35.3M \u00f7 4.33) = 1.17\u00d7 \u2014 above 1.0, consistent strong momentum. Drizzle continues to close the gap on Prisma. [npm, 2026-05-18]\n      \nfirebase: 7.59M weekly / 29.5M monthly. Rate: 1.11\u00d7 \u2014 moderate positive. Supabase-js weekly absolute remains 2.1\u00d7 Firebase. [npm, 2026-05-18]\n      \naws-sdk: 9.99M weekly / 38.6M monthly. Rate: 1.12\u00d7 \u2014 steady. [npm, 2026-05-18]\n      \n@neondatabase/serverless: 1.97M weekly / 7.54M monthly. Rate: 1.13\u00d7 \u2014 Neon maintaining healthy growth trajectory. [npm, 2026-05-18]\n      \nconvex: 727K weekly / 2.62M monthly. Rate: 1.20\u00d7 \u2014 above the 1.2 flag threshold. Convex is growing faster than its monthly baseline this week; remains small in absolute terms. [npm, 2026-05-18]\n      \n@planetscale/database: 195K weekly / 822K monthly. Rate: 1.03\u00d7 \u2014 essentially flat, consistent with PlanetScale's contraction narrative post-serverless-pivot. [npm, 2026-05-18]\n    \n\n    \n\n      \nContext\n      \nSupabase-js at 0.88\u00d7 this week means weekly downloads were slightly below the monthly average weekly pace \u2014 not a contraction signal, likely a weekend-effect artifact in the reporting window. The absolute lead (16.1M vs. Firebase at 7.6M and Prisma at 12.7M) remains decisive. Convex at 1.20\u00d7 weekly rate is worth flagging \u2014 it is growing from a small base but consistently outpacing its monthly trend. Drizzle-orm's 1.17\u00d7 sustained rate confirms its ongoing encroachment on Prisma's ORM dominance; this is not new but has not reversed.\n    \n  \n\n\n\n\n\n  \n\n    \n\n      \n      07 / Cybersecurity\n    \n    \nCYBER\n  \n  \n\n    \n\n      \nBLUF\n      \nGrafana Labs confirmed a full GitHub account compromise today \u2014 all codebase repositories exposed; Grafana is embedded in the monitoring stack of most cloud-native infrastructure deployments including Kubernetes clusters and Supabase's own observability layer.\n    \n\n    \nGrafana Labs GitHub Account Compromised \u2014 Full Codebase Access Confirmed\n    \n\n      \nGrafana Labs confirmed today that an attacker gained access to its GitHub account and obtained access to all codebase repositories. [The Register, 2026-05-18]\n      \nThe Register headline characterizes the disclosure as Grafana \"admitting all its codebase are belong to someone\" \u2014 consistent with full repository read access, not just a single-repo breach.\n      \nGrafana is the dominant open-source dashboard and observability platform, widely deployed in Kubernetes environments, cloud-native stacks, and DevOps pipelines. Estimated user base exceeds 10 million instances.\n      \nAt time of briefing, Grafana Labs has not published an incident report detailing the attack vector, duration of access, or whether any code modifications were made. Supply chain integrity is unverified.\n      \nCISA KEV has not added a Grafana-related CVE as of this briefing. No new KEV additions today; most recent was CVE-2026-42897 (Microsoft Exchange Server XSS, added 2026-05-15). [CISA KEV, 2026-05-15]\n    \n\n    \n\n      \nContext\n      \nThe supply chain risk is the primary concern, not the data exposure. Grafana is a dependency in countless CI/CD pipelines and monitoring stacks. If the attacker inserted malicious code into any Grafana repository, the blast radius is infrastructure-wide across the cloud-native ecosystem. The LiteLLM supply chain compromise (CVE-2026-42208, CISA KEV 2026-05-08) established that production AI infrastructure is actively targeted via open-source package vectors. Grafana's footprint is broader. Operators running self-hosted Grafana should verify their instance version was built from a pre-compromise commit before any update this week.\n    \n\n    \n\n      \nOpen Questions\n      \n\n        \nDid the attacker have write access to any repositories, or read-only? The answer determines whether a supply chain code injection is possible or only information exposure.\n        \nGrafana Cloud (hosted) vs. self-hosted: are the repositories for both products the same GitHub account, or separate? If unified, cloud customers are also potentially affected.\n      \n    \n  \n\n\n\n\n\n  \n\n    \n\n      \n      08 / Regulatory\n    \n    \nREG\n  \n  \n\n    \n\n      \nBLUF\n      \nFTC begins enforcing the TAKE IT DOWN Act this month \u2014 the first new federal content-removal mandate in years, creating compliance obligations for any platform hosting user-generated content.\n    \n\n    \nFTC Begins Enforcing TAKE IT DOWN Act \u2014 Platform Obligations for Non-Consensual Intimate Images\n    \n\n      \nThe FTC announced this month it will begin enforcing the TAKE IT DOWN Act, which requires online platforms to remove non-consensual intimate images (NCII) \u2014 including AI-generated synthetic imagery \u2014 within 48 hours of a verified request. [FTC, 2026-05-18]\n      \nThe Act covers both real and AI-generated intimate images; the synthetic imagery provision is the novel element extending prior NCII law to deepfake content.\n      \nPlatforms face FTC enforcement action for non-compliance; the Act does not specify per-violation fines but FTC can pursue civil penalties under its standard enforcement authority.\n      \nThe FTC simultaneously ordered Rollins, Inc. (pest control company) in a separate consumer protection action \u2014 the agency is active on multiple enforcement fronts under the current administration. [FTC, 2026-05-13]\n    \n\n    \n\n      \nContext\n      \nThe synthetic imagery provision is the structural precedent. This is the first federal statute in the US that explicitly creates a removal obligation for AI-generated content, establishing the regulatory pattern: AI-generated harmful content is treated equivalently to real content for platform liability purposes. The 48-hour removal window is aggressive relative to current content moderation capacity at most platforms. Any Supabase-hosted application with user-generated content or image storage has a new compliance surface to assess.\n    \n\n    \n\n      \nOpen Questions\n      \n\n        \nDoes the Act's platform definition include storage infrastructure providers (object storage, CDN) or only end-user-facing content platforms? The answer determines whether Supabase Storage has direct compliance obligations.\n        \nWhat verification standard satisfies a \"verified request\" under the Act? If the standard is low, the 48-hour window is more operationally demanding than it appears.\n      \n    \n  \n\n\n\n\n\n  \n\n    \n\n      \n      10 / Space\n    \n    \nSPACE\n  \n  \n\n    \n\n      \nBLUF\n      \nSpace Force awarded Northrop Grumman a $398M satellite contract on Saturday; Zenk Space closes $26M today targeting a June debut \u2014 the commercial launch cadence and government procurement pipeline are both accelerating.\n    \n\n    \nSpace Force Awards Northrop Grumman $398 Million Satellite Contract\n    \n\n      \nThe US Space Force awarded Northrop Grumman a $398 million contract for satellite development on May 16. [SpaceNews, 2026-05-16]\n      \nContract details regarding the satellite mission type and orbit were not disclosed in open reporting \u2014 consistent with Space Force practice for classified or sensitive capability contracts.\n      \nThe award continues a pattern of large Space Force procurement actions in 2026; prior briefings covered the SpaceX NRO satellite launch (May 11) and the Google-SpaceX orbital data center talks.\n    \n\n    \nZenk Space Raises $26 Million, Targets June 2026 Debut Launch\n    \n\n      \nZenk Space closed a $26 million funding round and announced a target date of June 2026 for its first commercial launch. [SpaceNews, 2026-05-18]\n      \nZenk Space is a new commercial launch entrant. Details on vehicle type, payload capacity, and launch site were not specified in the SpaceNews report.\n      \nA June target from a company announcing funding today implies either vehicle development is near-complete or the company is manifesting on a rideshare mission rather than launching its own vehicle.\n    \n\n    \n\n      \nContext\n      \nSpaceX's Starship Version 3 is targeted for May 19 (tomorrow) per the prior briefing. The commercial launch market is entering a period of simultaneous new entrant activity and government procurement expansion \u2014 structurally bullish for the sector. The Northrop contract reinforces continued Space Force investment in satellite capability despite broader defense budget pressure from the missile program spending covered last week.\n    \n  \n\n\n\n\n\n  \n\n    \n\n      \n      13 / Analysis\n    \n    \nANALYSIS\n  \n  \n\n\n    \nThree patterns converge in today's signal set that are worth reading as a system rather than isolated events.\n\n    \nSupply chain security is now targeting DevOps infrastructure directly. The Grafana Labs GitHub compromise follows the LiteLLM SQL injection KEV (May 8) and the TanStack npm supply chain incident (May 12). The pattern is not random: attackers are moving up the dependency stack toward tools that sit inside CI/CD pipelines and agent runtimes \u2014 not end-user applications. Grafana, LiteLLM, and TanStack are all components that agents, observability stacks, and developer pipelines consume as trusted infrastructure. The assessed probability that at least one additional DevOps-tier open-source tool is compromised but undisclosed is moderate-to-high given the pace of incidents. Organizations should treat any Grafana binary built or updated this week as potentially tainted until a clean-build attestation is published.\n\n    \nThe arXiv enforcement action and Grafana breach are structurally related. Both represent institutions with high trust and high surface area discovering that the volume of untrusted inputs \u2014 AI-generated papers, unauthorized GitHub sessions \u2014 has exceeded their capacity to verify manually. arXiv's response is a policy gate (author ban). Grafana's is a breach disclosure. The underlying dynamic is the same: trust architectures designed for lower-volume, higher-friction inputs are failing under load. This is the macro risk to open-source research and tooling ecosystems as AI lowers the cost of both generating content and executing intrusions at scale.\n\n    \nFor Merlin, today's ArXiv batch resolves a specific architectural ambiguity. FORGE's Population Broadcast and OpenClaw's agent-reflect together answer the question of how a Phase 1 factory accumulates intelligence without a dedicated fine-tuning pipeline. The answer is: write decision traces to the blackboard, query them before each dispatch, and run a reflection skill that proposes SKILL.md patches. This is achievable inside Phase 1 constraints \u2014 no new infrastructure, no model changes, no API costs beyond what ChatGPT Pro OAuth already covers. The convergence of two independent papers and one production system arriving at the same architectural pattern in the same week raises the assessed probability that this approach works at Merlin's scale from speculative to probable. The implementation window is this sprint, not Phase 3.\n\n    \nUkraine regrouping adds to a risk cluster that has been building since May 12. The Iran blockade (three CSGs active), Putin's nuclear missile test, and now Russian front-line regrouping represent three separate theaters of elevated military activity within a six-day window. None individually crosses a threshold requiring strategic repositioning. In combination, assessed probability of at least one additional significant escalation event in the next 10 days is moderate. The primary downstream risk for Supabase is European enterprise procurement freeze if any of these escalate into a broader conflict signal \u2014 that is a low-probability, high-impact scenario, not a base case.\n\n    \nMacro backdrop remains benign. Yield curve positive, VIX calm, spreads tight, labor stable. The soft-landing configuration has held through a period of elevated geopolitical noise \u2014 that persistence increases confidence in the base case. Brief complete.\n\n  \n\n\n\n    \n\n\n\n\n    \n\n        \n\n            \nGenerated\n            \n2026-05-18 01:17 PT\n        \n        \n\n            \nBrave Search Calls\n            \n44\n        \n        \n\n            \nFRED API Calls\n            \n14\n        \n        \n\n            \nCISA KEV Fetch\n            \nok (1.4MB)\n        \n        \n\n            \nEIA API Calls\n            \n1\n        \n        \n\n            \nArXiv Papers\n            \n114 fresh / 0 historical (rate-limited)\n        \n        \n\n            \nArXiv Window\n            \nIndex 8 / Historical: 2026-03-16 to 2026-03-23\n        \n        \n\n            \nRSS Feeds\n            \n23 fetched / 17 fresh items\n        \n        \n\n            \nSections\n            \n8 included / 5 omitted\n        \n        \n\n            \nLeads\n            \n3\n        \n        \n\n            \nModel\n            \nclaude-sonnet-4-6\n        \n    \n\n\n\n", "creation_timestamp": "2026-05-18T08:25:17.000000Z"}, {"uuid": "f6d65d1e-b80b-4924-8805-bc8dcb5493ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://www.acn.gov.it/portale/w/microsoft-rilevato-sfruttamento-attivo-della-cve-2026-42897", "content": "Microsoft ha rilasciato aggiornamenti di sicurezza per risolvere due nuove vulnerabilit\u00e0, una con gravit\u00e0 \u201dcritica\u201d e una con gravit\u00e0 \u201calta\u201d, che riguardano i prodotti Microsoft Authenticator e Microsoft Exchange Server. Tra queste si evidenzia la CVE-2026-42897, di tipo \u201cCross-site Scripting (XSS)\u201d, che risulta essere sfruttata attivamente in rete.", "creation_timestamp": "2026-05-15T09:54:10.000000Z"}, {"uuid": "ceec749b-fe82-4723-a621-ad3eca67bda1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42899", "type": "seen", "source": "https://gist.github.com/alon710/858f4c780c5ed9bd0f94d013b01935b8", "content": "# CVE-2026-42899: CVE-2026-42899: Denial of Service via Infinite Loops in ASP.NET Core Subsystems\n\n> **CVSS Score:** 7.5\n> **Published:** 2026-05-18\n> **Full Report:** https://cvereports.com/reports/CVE-2026-42899\n\n## Summary\nCVE-2026-42899 is a high-severity Denial of Service (DoS) vulnerability in the Microsoft ASP.NET Core framework, characterized by multiple instances of a 'Loop with Unreachable Exit Condition' (CWE-835). An unauthenticated remote attacker can trigger 100% CPU utilization by supplying specially crafted requests that exploit logic errors in request parsing, data protection, minimal APIs, and caching subsystems.\n\n## TL;DR\nUnauthenticated remote Denial of Service in ASP.NET Core due to infinite loops in core subsystems, remediated in .NET 8.0.27, 9.0.16, and 10.0.8.\n\n## Technical Details\n\n- **CWE ID**: CWE-835\n- **Attack Vector**: Network\n- **CVSS v3.1**: 7.5 (High)\n- **EPSS**: 0.00047 (0.05%)\n- **Impact**: High Availability (Denial of Service)\n- **Exploit Status**: None Public\n- **CISA KEV**: Not Listed\n\n## Affected Systems\n\n- ASP.NET Core on .NET 8.0\n- ASP.NET Core on .NET 9.0\n- ASP.NET Core on .NET 10.0\n- **.NET 8.0**: 8.0.0 <= version < 8.0.27 (Fixed in: `8.0.27`)\n- **.NET 9.0**: 9.0.0 <= version < 9.0.16 (Fixed in: `9.0.16`)\n- **.NET 10.0**: 10.0.0 <= version < 10.0.8 (Fixed in: `10.0.8`)\n\n## Mitigation\n\n- Update .NET runtime and SDK to patched versions\n- Update JavaScript dependencies (lodash, serialize-javascript) for Blazor/SPA applications\n- Implement WAF rules to pre-validate and drop malformed API parameters\n- Enforce connection rate limits and strict request timeouts\n\n**Remediation Steps:**\n1. Identify all systems running .NET 8.0, 9.0, or 10.0\n2. Download and install .NET updates 8.0.27, 9.0.16, or 10.0.8\n3. Rebuild self-contained applications with the updated .NET SDK\n4. Update package.json dependencies to lodash >=4.18.0 and serialize-javascript >=7.0.5\n5. Deploy updated application artifacts to production environments\n6. Monitor application worker process CPU utilization to verify vulnerability resolution\n\n## References\n\n- [Microsoft Security Response Center (MSRC) Advisory](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42899)\n- [CVE Org Record for CVE-2026-42899](https://www.cve.org/CVERecord?id=CVE-2026-42899)\n- [GitHub Patch (DataProtection)](https://github.com/dotnet/aspnetcore/commit/c5fa707d1dd8a67dc1392fa9c3561d8d353577e3)\n- [GitHub Patch (RequestDelegateFactory)](https://github.com/dotnet/aspnetcore/commit/31515a42d423dcfe2c646801f8b4a35350705c25)\n- [GitHub Patch (HybridCache)](https://github.com/dotnet/aspnetcore/commit/3ec3980cc353d6b9fff9fb6fef1f655f8d9f2158)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-42899) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-18T20:40:49.000000Z"}, {"uuid": "ce89c2bd-8607-4866-a2bf-552fe81a73e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://t.me/xakep_ru/19390", "content": "Microsoft \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043e\u0431 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 Exchange Server\n\n\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b Microsoft \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0438 \u043e\u0431 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0430 \u043d\u043e\u0432\u0443\u044e zero-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Exchange Server, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0443\u044e \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 CVE-2026-42897. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 Exchange Server 2016, 2019 \u0438 Subscription Edition (SE). \u041f\u043e\u043a\u0430 \u043f\u043e\u043b\u043d\u043e\u0446\u0435\u043d\u043d\u043e\u0433\u043e \u043f\u0430\u0442\u0447\u0430 \u043d\u0435\u0442, \u0432 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u044e\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0435 \u0437\u0430\u0449\u0438\u0442\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u044e\u0442 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u0441\u0440\u043e\u0447\u043d\u043e \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u044c Exchange Emergency Mitigation Service (EEMS).\n\nhttps://xakep.ru/2026/05/18/exchange-0day/", "creation_timestamp": "2026-05-18T17:37:01.000000Z"}, {"uuid": "1ddd3fd0-aada-4726-b566-3e64b5398ebf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://www.darkreading.com/vulnerabilities-threats/microsoft-exchange-zero-day-no-patch", "content": "CVE-2026-42897 stems from a cross-site scripting (XSS) vulnerability and can allow an attacker to compromise Outlook Web Access (OWA) mailboxes.", "creation_timestamp": "2026-05-18T19:43:51.000000Z"}, {"uuid": "68a354c3-1940-47e4-8b0b-46d1ac8de68b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/nuke86.rfeed.it/post/3mm6zriwczj2x", "content": "New Post: CVE-2026-42897: vulnerabilit\u00e0 critica XSS in Exchange Server OWA \u2014 mitigazione di emergenza disponibile spcnet.it/cve-2026-428...", "creation_timestamp": "2026-05-19T09:02:07.291750Z"}, {"uuid": "f561a235-abe4-4150-97d1-ca2226b904ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.com/post/3mmakdg7cak2g", "content": "\ud83d\udee1\ufe0f CVE-2026-42897: #CISA advierte #hackeo masivo activo en #MicrosoftExchangeServer (OWA) (+MITIGACI\u00d3N) www.newstecnicas.com/2026/05/cve-...", "creation_timestamp": "2026-05-19T23:31:12.800755Z"}, {"uuid": "24d2b828-281e-429b-a1a5-c524aaee0567", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/shortinfo.bsky.social/post/3mm4q4ziiw325", "content": "Every on-prem Microsoft Exchange Server (2016, 2019, SE) is exposed to active zero-day exploitation. CVE-2026-42897 runs attacker JavaScript in the victim's browser via a crafted email opened in Outlook Web Access. Microsoft released an out-of-band patch May 14.", "creation_timestamp": "2026-05-18T11:04:41.145707Z"}, {"uuid": "bfdf7f98-5b80-4e88-86ce-3c41947ce0c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mm55bnnwnk23", "content": "5/ \ud83d\udce7 Microsoft Exchange CVE-2026-42897 is being exploited in the wild. Critical XSS. No permanent fix yet. Only mitigations. Federal agencies under CISA deadline. Check your Exchange logs.", "creation_timestamp": "2026-05-18T15:01:50.391888Z"}, {"uuid": "ef025988-05b3-4fc7-9c0e-164750ad917a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://t.me/bdufstecru/3174", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430 Microsoft Exchange Server \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0441\u043f\u0443\u0444\u0438\u043d\u0433-\u0430\u0442\u0430\u043a\u0438\n\nBDU:2026-06919\nCVE-2026-42897\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42897\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u043c\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0443;\n- \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0435\u0442\u0438 \u0441 \u0446\u0435\u043b\u044c\u044e \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u043c\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0443 \u0438\u0437 \u0434\u0440\u0443\u0433\u0438\u0445 \u043f\u043e\u0434\u0441\u0435\u0442\u0435\u0439;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f (\u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f, \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u0438) \u0438 \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438;\n- \u043c\u0438\u043d\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439;\n- \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435/\u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u043d\u0435\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439 \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (VPN).", "creation_timestamp": "2026-05-18T14:18:21.000000Z"}, {"uuid": "b67ad2f6-a1e9-462d-a2c6-30599576f5a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mm55bnoag223", "content": "5/ \ud83d\udce7 Microsoft Exchange CVE-2026-42897 is being exploited in the wild. Critical XSS. No permanent fix yet. Only mitigations. Federal agencies under CISA deadline. Check your Exchange logs.", "creation_timestamp": "2026-05-18T15:06:32.691728Z"}, {"uuid": "ea0bf2d5-0c98-4b6c-8150-f72c3e358921", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mm55bnobfc23", "content": "5/ \ud83d\udce7 Microsoft Exchange CVE-2026-42897 is being exploited in the wild. Critical XSS. No permanent fix yet. Only mitigations. Federal agencies under CISA deadline. Check your Exchange logs.", "creation_timestamp": "2026-05-18T15:10:39.665782Z"}, {"uuid": "098a285e-66ab-483e-88a6-73d4c47c7bf2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mm55bnodds23", "content": "5/ \ud83d\udce7 Microsoft Exchange CVE-2026-42897 is being exploited in the wild. Critical XSS. No permanent fix yet. Only mitigations. Federal agencies under CISA deadline. Check your Exchange logs.", "creation_timestamp": "2026-05-18T15:19:49.737061Z"}, {"uuid": "ee7fd3aa-4de8-4a6b-91e9-a5a6b478e385", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mm55bnoddt23", "content": "5/ \ud83d\udce7 Microsoft Exchange CVE-2026-42897 is being exploited in the wild. Critical XSS. No permanent fix yet. Only mitigations. Federal agencies under CISA deadline. Check your Exchange logs.", "creation_timestamp": "2026-05-18T15:22:00.521058Z"}, {"uuid": "481473b9-dff5-42a1-8f31-e93eb79c35cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://t.me/poxek/6119", "content": "Microsoft \u0441\u043d\u043e\u0432\u0430 \u043d\u0430\u043f\u043e\u043c\u043d\u0438\u043b, \u0447\u0442\u043e \u043d\u0430\u0448\u0430 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430 \u0441\u0430\u043c\u0430 \u043f\u043e \u0441\u0435\u0431\u0435 \u043e\u0441\u0442\u0430\u0435\u0442\u0441\u044f \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u0441\u0430\u043c\u044b\u0445 \u0432\u043a\u0443\u0441\u043d\u044b\u0445 \u0446\u0435\u043b\u0435\u0439. CVE-2026-42897 \u0432 on-prem Exchange Server \u0443\u0436\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f: \u043f\u043e \u0434\u0430\u043d\u043d\u044b\u043c The Hacker News \u0441\u043e \u0441\u0441\u044b\u043b\u043a\u043e\u0439 \u043d\u0430 Microsoft, \u044d\u0442\u043e XSS/spoofing-\u0431\u0430\u0433 \u0441 CVSS 8.1, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043c\u043e\u0436\u043d\u043e \u0442\u0440\u0438\u0433\u0433\u0435\u0440\u0438\u0442\u044c \u0447\u0435\u0440\u0435\u0437 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u043b\u0435\u043d\u043d\u043e\u0435 \u043f\u0438\u0441\u044c\u043c\u043e, \u0435\u0441\u043b\u0438 \u0436\u0435\u0440\u0442\u0432\u0430 \u043e\u0442\u043a\u0440\u043e\u0435\u0442 \u0435\u0433\u043e \u0432 Outlook Web Access. \u041f\u043e\u0434 \u0443\u0434\u0430\u0440\u043e\u043c Exchange 2016, 2019 \u0438 Subscription Edition, \u0430 CISA \u0443\u0436\u0435 \u0434\u043e\u0431\u0430\u0432\u0438\u043b\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 KEV.\n\n\u041d\u0430 \u0434\u0440\u0443\u0433\u043e\u043c \u043a\u043e\u043d\u0446\u0435 \u0441\u043f\u0435\u043a\u0442\u0440\u0430 - CVE-2026-25765 \u0432 Ruby Faraday. \u0415\u0441\u043b\u0438 \u0432 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u0432\u043e \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0439 \u0441\u0435\u0440\u0432\u0438\u0441 \u043d\u0430 Faraday \u043f\u0440\u043e\u0445\u043e\u0434\u0438\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0439 URL, build_exclusive_url \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.14.1 \u043c\u043e\u0436\u043d\u043e \u043e\u0431\u043e\u0439\u0442\u0438 \u0447\u0435\u0440\u0435\u0437 protocol-relative \u043f\u0443\u0442\u044c \u0432\u0438\u0434\u0430 //evil.com/path \u0438 \u0443\u0432\u0435\u0441\u0442\u0438 \u0437\u0430\u043f\u0440\u043e\u0441 \u043d\u0430 \u0447\u0443\u0436\u043e\u0439 \u0445\u043e\u0441\u0442. \u042d\u0442\u043e \u0443\u0436\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0431\u0438\u0442\u044c \u043f\u043e \u0447\u0443\u0436\u0438\u043c \u0442\u0443\u043b\u0437\u0430\u043c, \u0438\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u044f\u043c, \u0441\u043a\u0430\u043d\u0435\u0440\u0430\u043c, webhook-\u043e\u0431\u0432\u044f\u0437\u043a\u0435 \u0438 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u043c \u0441\u0435\u0440\u0432\u0438\u0441\u0430\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0441\u0430\u043c\u0438 \u0445\u043e\u0434\u044f\u0442 \u043d\u0430\u0440\u0443\u0436\u0443. \u041f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u0435\u0441\u0442\u044c \u0432 DailyCVE, \u0430 \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0439 advisory \u0438 \u0444\u0438\u043a\u0441 - \u0432 GitHub advisory \u0438 \u0440\u0435\u043b\u0438\u0437\u0435 2.14.1. \u0422\u043e\u043a \u0441\u0442\u0440\u0430\u043d\u043d\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442, \u0447\u0442\u043e DailyCVE \u0443\u043a\u0430\u0437\u0430\u043d\u043e High, \u043d\u043e \u0432 NVD/CNA \u0443 \u043d\u0435\u0433\u043e \u0441\u0435\u0439\u0447\u0430\u0441 CVSS 5.8 MEDIUM.\n\n\u0410 \u0435\u0441\u043b\u0438 \u043d\u0443\u0436\u0435\u043d \u0441\u043e\u0432\u0441\u0435\u043c \u043f\u0440\u044f\u043c\u043e\u0439 \u043f\u0440\u0438\u043c\u0435\u0440 \"\u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0445\", \u0442\u043e \u0432\u043e\u0442 \u043e\u043d: CVE-2026-45087 \u0432 dalfox. \u041f\u043e advisory GitHub, \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u0432\u0435\u0440\u0441\u0438\u0438 <= 2.12.0, \u0430 \u0444\u0438\u043a\u0441 \u0432\u044b\u0448\u0435\u043b \u0432 2.13.0. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u0430\u044f: \u0432 server mode Dalfox \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0441\u043b\u0443\u0448\u0430\u0435\u0442 0.0.0.0:6664, \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 API key \u0431\u0435\u0437 \u044f\u0432\u043d\u043e\u0433\u043e --api-key, \u0430 \u0447\u0435\u0440\u0435\u0437 POST /scan \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u043e\u043a\u0438\u043d\u0443\u0442\u044c found-action \u0438 \u0434\u043e\u0431\u0438\u0442\u044c\u0441\u044f unauthenticated RCE \u043d\u0430 \u0445\u043e\u0441\u0442\u0435, \u0433\u0434\u0435 \u043a\u0440\u0443\u0442\u0438\u0442\u0441\u044f \u0441\u043a\u0430\u043d\u0435\u0440. \u0422\u043e \u0435\u0441\u0442\u044c \u043b\u043e\u043c\u0430\u044e\u0442 \u0443\u0436\u0435 \u043d\u0435 \u0446\u0435\u043b\u044c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f, \u0430 \u0441\u0430\u043c \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\u041e\u0442\u0441\u044e\u0434\u0430 \u0438 \u043e\u0447\u0435\u043d\u044c \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0439 \u0441\u0434\u0432\u0438\u0433: \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u0442\u044c \u043c\u043e\u0436\u043d\u043e \u0438 \u0437\u0430\u0449\u0438\u0442\u043d\u0438\u043a\u043e\u0432, \u0438 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0445. \u0415\u0441\u043b\u0438 \u0443 blue team \u0433\u043e\u0440\u0438\u0442 Exchange, \u0442\u043e \u0443 red team, \u0431\u0430\u0433\u0445\u0430\u043d\u0442\u0435\u0440\u043e\u0432 \u0438 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435\u043d\u043d\u043e\u0439 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u0433\u043e\u0440\u044f\u0442 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 HTTP-\u043a\u043b\u0438\u0435\u043d\u0442\u044b, \u043f\u0430\u0440\u0441\u0435\u0440\u044b, \u0441\u043a\u0430\u043d\u0435\u0440\u044b \u0438 \u0441\u0435\u0440\u0432\u0438\u0441\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u0440\u0438\u0432\u044b\u043a\u043b\u0438 \u0434\u043e\u0432\u0435\u0440\u044f\u0442\u044c \"\u043f\u043e\u0447\u0442\u0438 URL\" \u0438\u043b\u0438 \u043f\u043e\u0434\u043d\u0438\u043c\u0430\u0442\u044c \u043e\u043f\u0430\u0441\u043d\u044b\u0439 \u0440\u0435\u0436\u0438\u043c \"\u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e\". \u0412 2026 \u0433\u043e\u0434\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0441\u0435 \u0447\u0430\u0449\u0435 \u0431\u044c\u0435\u0442 \u0441\u0440\u0430\u0437\u0443 \u043f\u043e \u0432\u0441\u0435\u0439 \u0446\u0435\u043f\u043e\u0447\u043a\u0435 \u0432\u043e\u043a\u0440\u0443\u0433 \u0446\u0435\u043b\u0438: \u043f\u043e \u043f\u043e\u0447\u0442\u0435, \u0430\u0433\u0435\u043d\u0442\u0430\u043c, \u0438\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u044f\u043c, \u0441\u043a\u0430\u043d\u0438\u0440\u0443\u044e\u0449\u0435\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435 \u0438 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u043c \u0441\u0435\u0440\u0432\u0438\u0441\u0430\u043c.\n\n\u0421 \u043d\u0430\u0447\u0430\u043b\u0430 \u0433\u043e\u0434\u0430 \u0440\u0430\u0431\u043e\u0442\u044b \u0443 \u043a\u043e\u043c\u0430\u043d\u0434 \u0437\u0430\u0449\u0438\u0442\u044b \u0437\u0430\u043c\u0435\u0442\u043d\u043e \u043f\u0440\u0438\u0431\u0430\u0432\u0438\u043b\u043e\u0441\u044c: \u0442\u0435\u043c\u043f \u043f\u043e\u0438\u0441\u043a\u0430 \u0438 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 0day \u0441\u0435\u0439\u0447\u0430\u0441 \u0432\u044b\u0433\u043b\u044f\u0434\u0438\u0442 \u043f\u043e\u0447\u0442\u0438 \u0431\u0435\u0437\u0443\u043c\u043d\u044b\u043c, \u0438 \u0435\u0449\u0435 \u043f\u0430\u0440\u0443 \u043b\u0435\u0442 \u043d\u0430\u0437\u0430\u0434 \u0442\u0430\u043a\u043e\u0439 \u043f\u043b\u043e\u0442\u043d\u043e\u0441\u0442\u0438 \u0442\u0440\u0443\u0434\u043d\u043e \u0431\u044b\u043b\u043e \u043e\u0436\u0438\u0434\u0430\u0442\u044c. \u0414\u043b\u044f \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0445 \u0433\u043e\u043d\u043a\u0430 \u0442\u043e\u0436\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u043e\u0431\u043e\u0441\u0442\u0440\u044f\u0435\u0442\u0441\u044f: \u043a\u0442\u043e \u043f\u0435\u0440\u0432\u044b\u043c \u043d\u0430\u0439\u0434\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0440\u043e\u0432\u043d\u044f CVSS 9.8, \u0443\u0441\u043f\u0435\u0435\u0442 \u0441\u0434\u0430\u0442\u044c \u0435\u0435 \u0432 bug bounty \u0438\u043b\u0438 \u043f\u0440\u0435\u0432\u0440\u0430\u0442\u0438\u0442 \u0432 \u0440\u0430\u0431\u043e\u0447\u0438\u0439 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0439 \u0434\u043b\u044f \u043f\u0435\u043d\u0442\u0435\u0441\u0442\u0430, \u0442\u043e\u0442 \u0438 \u0441\u043d\u0438\u043c\u0430\u0435\u0442 \u0441\u043b\u0438\u0432\u043a\u0438.", "creation_timestamp": "2026-05-18T15:58:50.000000Z"}, {"uuid": "c73ff4f2-242d-44b4-a3ef-3226c7d9cadd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42897", "type": "seen", "source": "https://bsky.app/profile/kubonai.bsky.social/post/3mma2ux6xuf2s", "content": "CVE-2026-42897: Microsoft Exchange OWA XSS Vulnerability\n\nCVE-2026-42897 is a high-severity cross-site scripting vulnerability in Microsoft Exchange Server Outlook Web Access (OWA). Learn what's affected,...\n\n\ud83d\udd17 https://ipsec.live/blog/cve-2026-42897-exchange-owa-xss\n\n#infosec #cybersecurity", "creation_timestamp": "2026-05-19T18:54:36.010969Z"}, {"uuid": "65cb434d-ff06-4629-a434-269cb137fd98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42897", "type": "seen", "source": "https://bsky.app/profile/kubonai.bsky.social/post/3mma2v2k3yg2s", "content": "CVE-2026-42897: Microsoft Exchange OWA Zero-Day Actively Exploited\n\nCVE-2026-42897 is an actively exploited XSS/spoofing flaw in Microsoft Exchange Server OWA. CVSS 8.1, affects Exchange 2016/2019/SE...\n\n\ud83d\udd17 https://ipsec.live/blog/cve-2026-42897-exchange-owa-zero-day\n\n#infosec #cybersecurity", "creation_timestamp": "2026-05-19T18:54:39.350546Z"}, {"uuid": "3c0ac39f-10bc-40be-b059-fb75673fe994", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/kubonai.bsky.social/post/3mma2v45xqv2s", "content": "Microsoft Exchange Zero-Day Under Attack, No Patch Available\n\nCVE-2026-42897 stems from a cross-site scripting (XSS) vulnerability and can allow an attacker to compro...\n\n\ud83d\udd17 https://ipsec.live/blog/2026-05-19-microsoft-exchange-zeroday-under-attack-no-patch-available\n\n#infosec #cybersecurity", "creation_timestamp": "2026-05-19T18:54:40.931053Z"}, {"uuid": "b29293cc-bb6e-4290-8eea-c24fa7bb092b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42898", "type": "seen", "source": "https://www.thezdi.com/blog/2026/5/12/the-may-2026-security-update-review", "content": "I\u2019m currently in Berlin helping set up for Pwn2Own Berlin, but that doesn\u2019t stop Patch Tuesday from coming, and it\u2019s another big one. At least nothing is listed as being in the wild \u2013 for now. Take a break from your regularly scheduled activities and let\u2019s take a look at the latest security patches from Adobe and Microsoft. Due to technical difficulties, there will not be a video companion for this month.\nAdobe Patches for May 2026\nFor May, Adobe released 10 bulletins addressing 52 unique CVEs in Adobe Commerce, After Effects, Adobe Connect, Illustrator, Media Encoder, Premiere Pro, Substance 3D Painter, Substance 3D Sampler, Content Authenticity SDK, and the Adobe Substance 3D Designer. Here\u2019s this month\u2019s overview table:\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n  \n  \n\n\n\n\n  \n    \n\n\n\n<colgroup>\n  <col />\n  <col />\n  <col />\n  <col />\n  <col />\n  <col />\n  <col />\n</colgroup>\n\n<tfoot>\n  \n</tfoot>\n\n\n  \n    Bulletin ID\n    Product\n    CVE Count\n    Highest Severity\n    Highest CVSS\n    Exploited\n    Deployment Priority\n  \n\n\n  \n    APSB26-49\n    Adobe Commerce\n    15\n    Critical\n    8.7\n    No\n    2\n  \n  \n    APSB26-48\n    Adobe After Effects\n    4\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-50\n    Adobe Connect\n    2\n    Critical\n    9.6\n    No\n    3\n  \n  \n    APSB26-51\n    Adobe Illustrator\n    4\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-47\n    Adobe Media Encoder\n    2\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-46\n    Adobe Premiere Pro\n    3\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-55\n    Adobe Substance 3D Painter\n    2\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-54\n    Adobe Substance 3D Sampler\n    1\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-53\n    Content Authenticity SDK\n    14\n    Critical\n    7.5\n    No\n    3\n  \n  \n    APSB26-52\n    Adobe Substance 3D Designer\n    5\n    Important\n    6.3\n    No\n    3\n  \n\n    TOTAL\n    10 bulletins\n    52\n    \n    \n    \n    \n  \n\n\n\n  \n\n\n\n\n  \nThe obvious priority this month is the patch for Commerce, with its 15 bugs and deployment priority of 2. The Connect fix should also rank up there since both of its CVEs are CVSS 9s. Beyond those, it\u2019s a pretty typical month for Adobe, with most of the bugs either being cross-site scripting (XSS) or open-and-own code executions.\nMicrosoft Patches for May 2026\nThis month, Microsoft released a whopping 138 new CVEs in Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, .NET and Visual Studio, Copilot Chat, Github Copilot, M365 Copilot, SQL Server, TCP/IP, and the Telnet Client \u2013 yes, the Telnet client. Two of these bugs were reported through the TrendAI ZDI program. 30 of these bugs are rated Critical, three are rated as Moderate, one is rated Low, and the rest are rated Important in severity.\nThis large volume of fixes follows the largest monthly release in Microsoft\u2019s history and reflects the trend across the industry of a high number of submissions. While not all of these bugs were found by AI, it\u2019s likely they had an AI-related component \u2013 even if it was just AI writing the submission. I should also point out the Pwn2Own Berlin occurs in just a few days, and it\u2019s typical for vendors to patch as much as they can before the event.\nNone of the bugs patched by Microsoft this month are listed as publicly known or under active attack at the time of release, so we\u2019ve got that going for us. Let\u2019s take a closer look at some of the more interesting updates for this month, starting with a nasty-looking bug in DNS:\n-    CVE-2026-41096 - Windows DNS Client Remote Code Execution VulnerabilityThis patch fixes a heap-based buffer overflow in the DNS Client triggered by a malicious DNS response. No authentication or user interaction needed, and since the DNS Client runs on virtually every Windows machine, the attack surface is enormous. An attacker with a position to influence DNS responses (MitM, rogue server) could achieve unauthenticated RCE across your enterprise.\n-    CVE-2026-41089 - Windows Netlogon Remote Code Execution VulnerabilityThis update covers another CVSS 9.8 bug, which is a stack-based buffer overflow that lets an unauthenticated remote attacker execute code on a domain controller by sending a specially crafted network request \u2014 no credentials, no user interaction required. Yup \u2013 that makes it wormable. This is the highest-impact bug that requires immediate patching: a compromised domain controller is a compromised domain.\n-    CVE-2026-42898 - Microsoft Dynamics 365 On-Premises Remote Code Execution VulnerabilityThis bug rates a CVSS 9.9(!) and represents a code injection in Dynamics 365. It allows any authenticated user to execute code with a scope change, meaning exploitation can break out and affect resources beyond the vulnerable component itself. Scope changes are pretty rare, so if you\u2019re running Dynamics 365 On-Prem, definitely test and deploy this patch quickly.\n-    CVE-2026-40415 - Windows TCP/IP Remote Code Execution VulnerabilityThis bug in the TCP/IP stack results from a use-after-free (UAF) and could allow a remote, unauthenticated threat actor to execute code without user interaction. That makes this another wormable bug. However, this one is much less likely to be exploited. The target needs to be under sustained low-memory (memory pressure) conditions, which is pretty rare. Still, no need to tempt fate here. Test and deploy this one quickly.\nHere\u2019s the full list of CVEs released by Microsoft for May 2026:\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n  \n  \n\n\n\n\n  \n    \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n <col width=\"144\" />\n <col width=\"256\" />\n <col span=\"5\" width=\"104\" />\n \n\n  CVE\n  Title\n  Severity\n  CVSS\n  Public\n  Exploited\n  Type\n \n \n  <span>CVE-2026-35435</span>\n  Azure AI Foundry\n  Elevation of Privilege Vulnerability\n  Critical\n  8.6\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35428</span>\n  Azure Cloud Shell\n  Spoofing Vulnerability\n  Critical\n  9.6\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-42826</span>\n  Azure DevOps\n  Information Disclosure Vulnerability\n  Critical\n  10\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-32207</span>\n  Azure Machine Learning\n  Notebook Spoofing Vulnerability\n  Critical\n  8.8\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-33109</span>\n  Azure Managed Instance\n  for Apache Cassandra Remote Code Execution Vulnerability\n  Critical\n  9.9\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-33844</span>\n  Azure Managed Instance\n  for Apache Cassandra Remote Code Execution Vulnerability\n  Critical\n  9\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41105</span>\n  Azure Monitor Action\n  Group Notification System Elevation of Privilege Vulnerability\n  Critical\n  8.1\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33111</span>\n  Copilot Chat\n  (Microsoft Edge) Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-26129</span>\n  M365 Copilot\n  Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-26164</span>\n  M365 Copilot\n  Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-33821</span>\n  Microsoft Dynamics 365\n  Customer Insights Elevation of Privilege Vulnerability\n  Critical\n  7.7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42898</span>\n  Microsoft Dynamics 365\n  On-Premises Remote Code Execution Vulnerability\n  Critical\n  9.9\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40379</span>\n  Microsoft Enterprise\n  Security Token Service (ESTS) Spoofing Vulnerability\n  Critical\n  9.3\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-40363</span>\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40358</span>\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-34327</span>\n  Microsoft Partner\n  Center Spoofing Vulnerability\n  Critical\n  8.2\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-40365</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41103</span>\n  Microsoft SSO Plugin\n  for Jira & Confluence Elevation of Privilege Vulnerability\n  Critical\n  9.1\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33823</span>\n  Microsoft Team Events\n  Portal Information Disclosure Vulnerability\n  Critical\n  9.6\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40364</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40366</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40361</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40367</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42831</span>\n  Office for Android\n  Remote Code Execution Vulnerability\n  Critical\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41096</span>\n  Windows DNS Client\n  Remote Code Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-35421</span>\n  Windows GDI Remote\n  Code Execution Vulnerability\n  Critical\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40403</span>\n  Windows Graphics\n  Component Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40402</span>\n  Windows Hyper-V\n  Elevation of Privilege Vulnerability\n  Critical\n  9.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-32161</span>\n  Windows Native WiFi\n  Miniport Driver Remote Code Execution Vulnerability\n  Critical\n  7.5\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41089</span>\n  Windows Netlogon\n  Remote Code Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-32175</span>\n  .NET Core Tampering\n  Vulnerability\n  Important\n  4.3\n  No\n  No\n  Tampering\n \n \n  <span>CVE-2026-32177</span>\n  .NET Elevation of\n  Privilege Vulnerability\n  Important\n  7.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35433</span>\n  .NET Elevation of\n  Privilege Vulnerability\n  Important\n  7.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2025-54518 *</span>\n  AMD: CVE-2025-54518\n  CPU OP Cache Corruption\n  Important\n  \n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42899</span>\n  ASP.NET Core Denial of\n  Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40381</span>\n  Azure Connected\n  Machine Agent Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42823 \u2020</span>\n  Azure Logic Apps\n  Elevation of Privilege Vulnerability\n  Important\n  9.9\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33833</span>\n  Azure Machine Learning\n  Notebook Spoofing Vulnerability\n  Important\n  8.2\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-32204</span>\n  Azure Monitor Agent\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42830</span>\n  Azure Monitor Agent\n  Metrics Extension Elevation of Privilege Vulnerability\n  Important\n  6.5\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33117</span>\n  Azure SDK for Java\n  Security Feature Bypass Vulnerability\n  Important\n  9.1\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-41109</span>\n  GitHub Copilot and\n  Visual Studio Code Security Feature Bypass Vulnerability\n  Important\n  8.8\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-35424</span>\n  Internet Key Exchange\n  (IKE) Protocol Denial of Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-41614</span>\n  M365 Copilot for\n  Desktop Spoofing Vulnerability\n  Important\n  6.2\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-41100</span>\n  Microsoft 365 Copilot\n  for Android Spoofing Vulnerability\n  Important\n  4.4\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-40377</span>\n  Microsoft\n  Cryptographic Services Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41094</span>\n  Microsoft Data\n  Formulator Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40417</span>\n  Microsoft Dynamics 365\n  Business Central Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42833</span>\n  Microsoft Dynamics 365\n  On-Premises Remote Code Execution Vulnerability\n  Important\n  9.1\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42838</span>\n  Microsoft Edge\n  (Chromium-based) Elevation of Privilege Vulnerability\n  Important\n  5.4\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40360</span>\n  Microsoft Excel\n  Information Disclosure Vulnerability\n  Important\n  7.8\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40359</span>\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40362</span>\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42832</span>\n  Microsoft Excel\n  Spoofing Vulnerability\n  Important\n  7.7\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-34329</span>\n  Microsoft Message\n  Queuing (MSMQ) Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40419</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40418</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35436</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40420</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42893</span>\n  Microsoft Outlook for\n  iOS Tampering Vulnerability\n  Important\n  7.4\n  No\n  No\n  Tampering\n \n \n  <span>CVE-2026-40374</span>\n  Microsoft Power\n  Automate Desktop Information Disclosure Vulnerability\n  Important\n  6.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-41102</span>\n  Microsoft PowerPoint\n  for Android Spoofing Vulnerability\n  Important\n  7.1\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-35439</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40368</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-33110</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-33112</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40357</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-32185</span>\n  Microsoft Teams\n  Spoofing Vulnerability\n  Important\n  5.5\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-41101</span>\n  Microsoft Word for\n  Android Spoofing Vulnerability\n  Important\n  7.1\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-35440</span>\n  Microsoft Word\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40421</span>\n  Microsoft Word\n  Information Disclosure Vulnerability\n  Important\n  4.3\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-41097</span>\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  6.7\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-40370 \u2020</span>\n  SQL Server Remote Code\n  Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41613</span>\n  Visual Studio Code\n  Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41612</span>\n  Visual Studio Code\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-41611</span>\n  Visual Studio Code\n  Remote Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41610</span>\n  Visual Studio Code\n  Security Feature Bypass Vulnerability\n  Important\n  6.3\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-33839</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33840</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34330</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34331</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35423</span>\n  Windows 11 Telnet\n  Client Information Disclosure Vulnerability\n  Important\n  5.4\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-35438</span>\n  Windows Admin Center\n  Elevation of Privilege Vulnerability\n  Important\n  8.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41086</span>\n  Windows Admin Center\n  in Azure Portal Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34344</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34345</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35416</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41088</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34343</span>\n  Windows Application\n  Identity (AppID) Subsystem Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35418</span>\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33835</span>\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34337</span>\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40407</span>\n  Windows Common Log\n  File System Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40397</span>\n  Windows Common Log\n  File System Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42896</span>\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35419</span>\n  Windows DWM Core\n  Library Information Disclosure<span> \n  </span>Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-34336</span>\n  Windows DWM Core\n  Library Information Disclosure<span> \n  </span>Vulnerability\n  Important\n  7.8\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-33834</span>\n  Windows Event Logging\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-32209</span>\n  Windows Filtering\n  Platform (WFP) Security Feature Bypass Vulnerability\n  Important\n  4.4\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-33841</span>\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35420</span>\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40369</span>\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34332</span>\n  Windows Kernel-Mode\n  Driver Remote Code Execution Vulnerability\n  Important\n  8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-34339</span>\n  Windows Lightweight\n  Directory Access Protocol (LDAP) Denial of Service Vulnerability\n  Important\n  5.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-34341</span>\n  Windows Link-Layer\n  Discovery Protocol (LLDP) Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33838</span>\n  Windows Message\n  Queuing (MSMQ) Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34342</span>\n  Windows Print Spooler\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41095</span>\n  Windows Projected File\n  System Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34340</span>\n  Windows Projected File\n  System Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40398</span>\n  Windows Remote Desktop\n  Services Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-21530</span>\n  Windows Rich Text Edit\n  Elevation of Privilege Vulnerability\n  Important\n  6.7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-32170</span>\n  Windows Rich Text Edit\n  Elevation of Privilege Vulnerability\n  Important\n  6.7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40410</span>\n  Windows SMB Client\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35415</span>\n  Windows Storage Spaces\n  Controller Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34350</span>\n  Windows Storport\n  Miniport Driver Denial of Service Vulnerability\n  Important\n  6.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40405</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40414</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.4\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40401</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  6.2\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40413</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.4\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-35422</span>\n  Windows TCP/IP Driver\n  Security Feature Bypass Vulnerability\n  Important\n  6.5\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-34351</span>\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40399</span>\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34334</span>\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40406</span>\n  Windows TCP/IP\n  Information Disclosure Vulnerability\n  Important\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-33837</span>\n  Windows TCP/IP Local\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40415</span>\n  Windows TCP/IP Remote\n  Code Execution Vulnerability\n  Important\n  8.1\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42825</span>\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34338</span>\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40382</span>\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40380</span>\n  Windows Volume Manager\n  Extension Driver Remote Code Execution Vulnerability\n  Important\n  6.2\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40408</span>\n  Windows WAN ARP Driver\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34333</span>\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34347</span>\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35417</span>\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42891</span>\n  Microsoft Edge\n  (Chromium-based) for Android Spoofing Vulnerability\n  Moderate\n  6.5\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-35429</span>\n  Microsoft Edge\n  (Chromium-based) for Android Spoofing Vulnerability\n  Moderate\n  4.3\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-41107</span>\n  Microsoft Edge\n  (Chromium-based) Information Disclosure Vulnerability\n  Moderate\n  7.4\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40416</span>\n  Microsoft\n  Edge (Chromium-based) for Android Spoofing Vulnerability\n  Low\n  4.3\n  No\n  No\n  Spoofing\n \n \n \n  \n  \n  \n  \n  \n  \n  \n \n \n\n\n\n\n\n\n\n\n\n\n\n\n  \n\n\n\n\n  \n* Indicates this CVE had been released by a third party and is now being included in Microsoft releases.\n\u2020 Indicates further administrative actions are required to fully address the vulnerability.\n \nLooking at the other Critical-rated bugs in this month\u2019s release, there are quite a few scary-looking bugs (including a CVSS 10!), but there\u2019s no action for the end user as Microsoft has already mitigated these bugs and is just now documenting them. There\u2019s also this month\u2019s crop of Office bugs where the Preview Pane is an attack vector. However, the bug in Office for Android does not have the Preview Pane vector; it\u2019s simple open and own. The bug in the WiFi driver needs a network adjacent attacker. The SharePoint bug requires authentication, but anyone with site privileges has the authentication needed. The bug in SSO Plugin for Jira & Confluence should really be called an authentication bypass, since it allows an unauthenticated attacker to gain access to a system.\nLooking at the other code execution bugs, most are of the open and own variety as expected. The bug in Dynamic 365 (On Prem) requires high privileges. The Message Queueing bug requires an adjacent attacker. The bug in SQL Server requires authentication, but as usual, patching won\u2019t be straightforward. Finally, there\u2019s a bug in the kernel that leads to code execution. Most kernel bugs are privilege escalations, but this one could allow code execution if an attacker sends specially crafted NVMe over Fabrics (NVMe\u2011oF) response messages during the connection handshake process that contains an invalid header length value. Neat.\nAs usual, the vast majority of the Microsoft release fixes Elevation of Privilege (EoP) bugs. Also as usual, most simply lead to local attackers executing their code at SYSTEM-level privileges or administrative privileges, so there\u2019s not much to add without further technical details about the bugs themselves. There are also a few bugs that just state the attacker could \u201cgain ELEVATED privileges.\u201d How obtuse. The bugs in Azure allow an attacker to access data otherwise hidden from them. The Edge bug allows threat actors to elevate to the privileges of the running application. The bug in Visual Studio allows attackers to get permissions associated with the MCP Server\u2019s managed identity. Finally, there are a couple of sandbox escapes, too, which are always useful.\nThis month's update includes six Security Feature Bypass vulnerabilities. The most severe is in the Azure SDK for Java (CVSS 9.1). An attacker over the network can bypass the integrity protection provided by authentication tags on encrypted data, effectively manipulating encrypted input in a way that slips past integrity checks during decryption.  Close behind is the bypass affecting the GitHub Copilot integration in Visual Studio Code (CWE-74). This one requires a user interaction, but it allows an attacker to circumvent the path validation safeguards that normally control which files Copilot is permitted to modify. The other Visual Studio Code bypass involves cross-site scripting, improper link resolution, and information exposure triggered when a user opens or views a maliciously crafted notebook.  On the Windows networking side there are two bypasses. The first hits the Windows TCP/IP driver via an authentication bypass using an alternate channel. The other impacts the Windows Filtering Platform through improper access control, allowing a local, low-privileged attacker to bypass FQDN-based network security rules. Finally, there\u2019s a Secure Boot bypass that, you guessed it, bypasses secure boot features.\nMoving on to the Information Disclosure bugs fixed this month, we have 15 different CVEs. As usual, the majority of these simply result in info leaks consisting of unspecified memory contents or memory addresses. The bug in Power Automate could expose data marked \u201cSensitive\u201d within Power Automate Desktop flows. One of the Word bugs could disclose NLTM hashes. The bug in Edge could disclose your cookies, which seems rude. The bug in Visual Studio could expose file path information. Finally, there\u2019s a bug in Telnet for Windows 11 that leaks information being used by Telnet at the time. I didn\u2019t even realize Windows 11 still had a telnet client.\nThe May release contains 10 spoofing bugs (plus the ones already addressed by Microsoft). The bug in Azure Machine Learning Notebooks vulnerability requires user interaction, but it could expose info through the Azure ML web interface to the attacker. There\u2019s a cluster of fixes for Microsoft's mobile Office suite on Android. Excel, Word, and PowerPoint for Android all carry spoofing flaws rooted in improper access control. Two Copilot products are also affected by spoofing vulns. The M365 Copilot for Desktop has no details provided. The M365 Copilot for Android variant requires low privileges and producing only limited impact on confidentiality and integrity. Microsoft Teams for Android rounds out the mobile app spoofing bugs. Three Edge bugs close things out, all involving misrepresentation of information in the browser UI. \nThere are two Tampering bugs in this month\u2019s release. The one in .NET Core allows threat actors to write files to an affected system. The other is in Outlook for iOS and manifests as a command injection bug.\nThere are eight DoS bugs in the May release, but as always, Microsoft provides little to no actionable information about the vulnerabilities. The most interesting from a practical standpoint are two TCP/IP bugs that allow a low-privilege Hyper-V guest to crash the host. Both are triggered from the adjacent network. On the broader network-exposure side, the ASP.NET Core bug is a straightforward infinite loop condition \u2014 an unauthenticated attacker sends a crafted request over the network and the server stops responding.\nNo new advisories are being released this month.\nLooking Ahead\nAssuming I survive Pwn2Own Berlin (which is looking iffy at the moment), I\u2019ll return on June 9th on what will hopefully be a smaller release than this one. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!", "creation_timestamp": "2026-05-12T16:38:43.000000Z"}, {"uuid": "011bdc17-2273-4080-a9e5-e8c21cbe1a00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mmaueesnqq2x", "content": "Top 3 CVE for last 7 days:\nCVE-2026-42897: 56 interactions\nCVE-2026-46300: 56 interactions\nCVE-2026-42945: 50 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-31635: 9 interactions\nCVE-2026-42945: 8 interactions\nCVE-2026-41054: 4 interactions\n", "creation_timestamp": "2026-05-20T02:30:37.098191Z"}, {"uuid": "de004bb9-72a6-40f8-97d6-e36ca069f8de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mmfvchcwo22h", "content": "Top 3 CVE for last 7 days:\nCVE-2026-45584: 64 interactions\nCVE-2026-45250: 63 interactions\nCVE-2026-42897: 43 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-45250: 63 interactions\nCVE-2026-41091: 8 interactions\nCVE-2026-45498: 8 interactions\n", "creation_timestamp": "2026-05-22T02:30:45.985453Z"}, {"uuid": "3c07dc97-b1ef-4f1e-be72-df14108638ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.com/post/3mmdakbn7kc2i", "content": "\ud83d\udee1\ufe0f CVE-2026-42897: CISA advierte hackeo masivo activo en Microsoft Exchange Server (OWA) (+MITIGACI\u00d3N) www.newstecnicas.com/2026/05/cve-...", "creation_timestamp": "2026-05-21T01:14:04.608102Z"}, {"uuid": "5e1aaf29-a12e-4709-8635-f164242fd160", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mmdetqhuk22x", "content": "Top 3 CVE for last 7 days:\nCVE-2026-45584: 64 interactions\nCVE-2026-42897: 56 interactions\nCVE-2026-46300: 46 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-45584: 64 interactions\nCVE-2026-46727: 21 interactions\nCVE-2026-42462: 11 interactions\n", "creation_timestamp": "2026-05-21T02:33:02.183201Z"}, {"uuid": "53a08b3f-0dad-4e0c-870a-3e8b30ab2f1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mmrcokbdx22e", "content": "4/ \u26a0\ufe0f THREE active exploits right now: SharePoint CVE-2026-32201 (RCE, actively hit). Exchange CVE-2026-42897 (CISA deadline May 29). Fortinet FortiAuth CVE-2026-44277 (CVSS 9.1). Patch. All. Three.", "creation_timestamp": "2026-05-26T15:29:27.277969Z"}, {"uuid": "1d6215fd-76e9-49c0-b29f-a606be131184", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://t.me/kasperskyb2b/2193", "content": "\u27a1\ufe0f \u0418\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f APT \u0438 \u043d\u043e\u0432\u043e\u0441\u0442\u0438 \u0418\u0411 \u0437\u0430 \u043d\u0435\u0434\u0435\u043b\u044e\n\n\ud83d\udfe2\u0410\u043d\u0430\u043b\u0438\u0437 \u043d\u043e\u0432\u044b\u0445 \u0430\u0442\u0430\u043a APT Cloud Atlas, \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u0445 \u0432 2026 \u0433\u043e\u0434\u0443. \u0426\u0435\u043b\u0438 \u2014 \u0433\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u0438 \u0434\u0438\u043f\u043b\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0432 \u0420\u043e\u0441\u0441\u0438\u0438 \u0438 \u0411\u0435\u043b\u043e\u0440\u0443\u0441\u0441\u0438\u0438. \u0426\u0435\u043b\u0435\u0432\u043e\u0439 \u0444\u0438\u0448\u0438\u043d\u0433 \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u043b \u043a \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0435 \u0431\u044d\u043a\u0434\u043e\u0440\u0430 VBCloud \u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u0440\u0430\u0437\u0432\u0435\u0434\u043a\u0438 PowerShower, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043c\u043d\u043e\u0433\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0445 \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0443\u0442\u0438\u043b\u0438\u0442. \u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430\u0441\u044c \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430, \u0443\u0441\u0442\u043e\u0439\u0447\u0438\u0432\u0430\u044f \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u044e \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0445 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u0432 \u0430\u0442\u0430\u043a\u0438. \n\n\ud83d\udfe2APT Calypso/Red Lamassu \u043c\u0438\u043d\u0438\u043c\u0443\u043c \u0441 2022 \u0433\u043e\u0434\u0430 \u0430\u0442\u0430\u043a\u0443\u0435\u0442 \u0442\u0435\u043b\u0435\u043a\u043e\u043c-\u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u043e\u0432 \u0432 \u0410\u0422\u0420 \u0438 \u043d\u0430 \u0411\u043b\u0438\u0436\u043d\u0435\u043c \u0412\u043e\u0441\u0442\u043e\u043a\u0435 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0440\u0430\u043d\u0435\u0435 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0433\u043e \u0412\u041f\u041e \u0434\u043b\u044f Linux \u0438 Windows. \u0418\u043c\u043f\u043b\u0430\u043d\u0442 Showboat \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u043c\u043e\u0434\u0443\u043b\u044c\u043d\u044b\u0439 \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a \u043f\u043e\u0441\u0442\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u044b, \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442 \u0444\u0430\u0439\u043b\u043e\u0432\u044b\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0438 \u043e\u0434\u043d\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u043a\u0430\u043a SOCKS5-\u043f\u0440\u043e\u043a\u0441\u0438  \n\n\ud83d\udfe2\u0423\u0433\u0440\u043e\u0437\u044b \u0434\u043b\u044f \u041f\u041a \u0437\u0430 1 \u043a\u0432\u0430\u0440\u0442\u0430\u043b 2026 \u0433\u043e\u0434\u0430: \u0431\u044b\u043b\u043e \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u043e \u043f\u043e\u0447\u0442\u0438 3000 \u043d\u043e\u0432\u044b\u0445 \u043c\u043e\u0434\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0439 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u041f\u041e, \u0430 \u043e\u0442 \u0430\u0442\u0430\u043a \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0435\u0439 \u043f\u043e\u0441\u0442\u0440\u0430\u0434\u0430\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 77 \u0442\u044b\u0441\u044f\u0447 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439. \u041d\u0430 Clop \u043f\u0440\u0438\u0448\u043b\u043e\u0441\u044c 14% \u0432\u0441\u0435\u0445 \u0436\u0435\u0440\u0442\u0432, \u0447\u044c\u0438 \u0434\u0430\u043d\u043d\u044b\u0435 \u0431\u044b\u043b\u0438 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u044b \u043d\u0430 \u0441\u0430\u0439\u0442\u0430\u0445 \u0443\u0442\u0435\u0447\u0435\u043a \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043e\u043a \u0437\u0430 \u044d\u0442\u043e\u0442 \u043f\u0435\u0440\u0438\u043e\u0434.\n\n\ud83d\udd35APT Webworm \u0437\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0439 \u0433\u043e\u0434 \u0440\u0430\u0441\u0448\u0438\u0440\u0438\u043b\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0438\u0437 \u0410\u0437\u0438\u0438 \u0432 \u0415\u0432\u0440\u043e\u043f\u0443. \u0412 \u0440\u044f\u0434\u0435 \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439 \u0433\u0440\u0443\u043f\u043f\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430 Discord \u0438 API MS Graph \u043a\u0430\u043a C2-\u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443.\n\n\ud83d\udd35\u0420\u0430\u0437\u0431\u043e\u0440 \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0433\u043b\u043e\u0431\u0430\u043b\u044c\u043d\u043e\u0435 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u0435 \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u044f\u0442\u0438\u0435 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 TencShell, \u0440\u0430\u043d\u0435\u0435 \u043d\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u043d\u043e\u0433\u043e \u0438\u043c\u043f\u043b\u0430\u043d\u0442\u0430 \u043d\u0430 Go, \u0438\u0437\u0433\u043e\u0442\u043e\u0432\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u043d\u0430 \u0431\u0430\u0437\u0435 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u0433\u043e C2-\u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0430 Rshell.   \u0418\u043c\u043f\u043b\u0430\u043d\u0442 \u043c\u043e\u0434\u0443\u043b\u044c\u043d\u044b\u0439 \u0438 \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u0432 \u043f\u0430\u043c\u044f\u0442\u0438, \u0446\u0435\u043b\u0438 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0445 \u043d\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b. \n\n\ud83d\udfe3\u0420\u0430\u0437\u0431\u043e\u0440 TTPs APT44 \u043d\u0430 \u043f\u0440\u0438\u043c\u0435\u0440\u0435 10 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u044b\u0445 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439, \u0433\u0434\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u0437\u0430\u0434\u0435\u0442\u0435\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0430 \u0432 \u043f\u0435\u0440\u0438\u043e\u0434 \u0441 \u0438\u044e\u043b\u044f 2025 \u0433\u043e\u0434\u0430 \u043f\u043e \u044f\u043d\u0432\u0430\u0440\u044c 2026. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442 \u043f\u0440\u0438\u0432\u0435\u0440\u0436\u0435\u043d\u043d\u043e\u0441\u0442\u044c \u0433\u0440\u0443\u043f\u043f\u044b \u0434\u0430\u0432\u043d\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u043c\u0443 \u0412\u041f\u041e, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u043f\u044b\u0442\u043a\u0438  \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u0432 \u0441\u0435\u0442\u044f\u0445 \u0418\u0422 \u0438 \u041e\u0422 \u043f\u0440\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0438 \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u044f.\n \n\ud83d\udfe3\u0420\u0430\u0437\u0431\u043e\u0440 \u0412\u041f\u041e ZionSiphon, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u0434\u043e\u043b\u0436\u043d\u043e \u043d\u0430\u0440\u0443\u0448\u0430\u0442\u044c \u0440\u0430\u0431\u043e\u0442\u0443 \u0441\u0438\u0441\u0442\u0435\u043c \u0432\u043e\u0434\u043e\u043e\u0447\u0438\u0441\u0442\u043a\u0438 \u0438 \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043e \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0418\u0418-\u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432. \u041d\u0430 \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0433\u0435\u043e\u0442\u0430\u0440\u0433\u0435\u0442\u0438\u043d\u0433\u0430 \u043d\u0438\u043a\u043e\u0433\u0434\u0430 \u043d\u0435 \u0434\u0430\u044e\u0442 \u0412\u041f\u041e \u0441\u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c, \u0430 \u0440\u0430\u0431\u043e\u0442\u0430 \u0441 \u0410\u0421\u0423 \u0422\u041f \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u0430 \u043f\u043e\u0432\u0435\u0440\u0445\u043d\u043e\u0441\u0442\u043d\u043e \u0438 \u043d\u0435 \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u043c \u044d\u0444\u0444\u0435\u043a\u0442\u0430\u043c, \u0434\u0430\u0436\u0435 \u0435\u0441\u043b\u0438 \u0412\u041f\u041e \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u0441\u044f.\n\n\ud83d\udfe3Microsoft \u043f\u0440\u0435\u0441\u0435\u043a\u043b\u0430 \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c SignSpaceCloud, \u0441\u0435\u0440\u0432\u0438\u0441\u0430 signing-as-a-service, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u043e\u0433\u043e \u043a\u0430\u043a Fox Tempest, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441 \u043c\u0430\u044f 2025 \u0433\u043e\u0434\u0430 \u043f\u0440\u043e\u0434\u0430\u0432\u0430\u043b \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u044b \u0434\u043b\u044f \u043f\u043e\u0434\u043f\u0438\u0441\u0438 \u043a\u043e\u0434\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430\u043c \u0412\u041f\u041e. \u0421\u0440\u0435\u0434\u0438 \u00ab\u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432\u00bb \u2014 \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u044b \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0435\u0439 Rhysida, INC, Qilin \u0438 Akira, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0433\u0440\u0443\u043f\u043f\u044b, \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0449\u0438\u0435 \u0438\u043d\u0444\u043e\u0441\u0442\u0438\u043b\u0435\u0440\u044b.\n\n\ud83d\udd35\u042d\u043f\u0438\u0434\u0435\u043c\u0438\u044e \u0430\u0442\u0430\u043a \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0438 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a \u0443\u0436\u0435 \u0432\u043f\u043e\u0440\u0443 \u043d\u0430\u0437\u044b\u0432\u0430\u0442\u044c \u0447\u0443\u043c\u043e\u0439. \u0421\u0440\u0435\u0434\u0438 \u0440\u0435\u0437\u043e\u043d\u0430\u043d\u0441\u043d\u044b\u0445 \u0436\u0435\u0440\u0442\u0432 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0445 \u043d\u0435\u0434\u0435\u043b\u044c: AntV (Alibaba), DurableTask (Microsoft), Nx Console, Grafana, TanStack, \u0438 \u043d\u0430 \u0437\u0430\u043a\u0443\u0441\u043a\u0443 \u0441\u0430\u043c GitHub.\n\n\ud83d\udd35\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u044b\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 \u0430\u0442\u0430\u043a APT Storm-2949, \u0432 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0438\u0437\u0432\u043b\u0435\u043a\u0430\u044e\u0442 \u0446\u0435\u043d\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0438\u0437 \u043e\u0431\u043b\u0430\u0447\u043d\u044b\u0445 \u0441\u0440\u0435\u0434 Microsoft, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044f \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u043b\u0435\u0433\u0438\u0442\u0438\u043c\u043d\u044b\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f SaaS \u0438 PaaS. \n\n\ud83d\udfe3\u0412\u044b\u0448\u043b\u0438 \u044d\u043a\u0441\u0442\u0440\u0435\u043d\u043d\u044b\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u0432\u0443\u0445 \u0437\u0438\u0440\u043e\u0434\u0435\u0435\u0432 \u0432 Defender, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u0430\u043c\u0435\u0447\u0435\u043d\u044b \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445: \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 (CVE-2026-41091) \u0438 DoS (CVE-2026-45498).\n\n\ud83d\udfe3\u0422\u0430\u043a\u0436\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442 \u0437\u0438\u0440\u043e\u0434\u0435\u0439 \u0432 Microsoft Exchange Outlook Web Access (CVE-2026-42897), \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u0438 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0451\u043d\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 JavaScript \u0432 \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0445 \u044f\u0449\u0438\u043a\u0430\u0445 OWA. Microsoft \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u0437\u0430\u0449\u0438\u0442\u044b, \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u044b\u0439 \u043f\u0430\u0442\u0447  \u043d\u0435 \u0433\u043e\u0442\u043e\u0432.\n\n\ud83d\udd34\u0417\u0430\u043d\u0438\u043c\u0430\u0442\u0435\u043b\u044c\u043d\u0430\u044f \u043f\u0430\u043b\u0435\u043e\u043d\u0442\u043e\u043b\u043e\u0433\u0438\u044f: \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u043e\u0432 \u0440\u0430\u0431\u043e\u0442\u044b Fast16, \u0434\u0432\u043e\u044e\u0440\u043e\u0434\u043d\u043e\u0433\u043e \u0431\u0440\u0430\u0442\u0430 Stuxnet. \u042d\u0442\u043e \u0412\u041f\u041e \u0431\u044b\u043b\u043e \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043e \u043d\u0430 \u041f\u041e LS-DYNA \u0438 Autodyn, \u0438 \u0441\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u043b\u043e \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u0440\u0438 \u043c\u043e\u0434\u0435\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0438 \u044f\u0434\u0435\u0440\u043d\u044b\u0445 \u0432\u0437\u0440\u044b\u0432\u043e\u0432. \u0420\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u044b \u043f\u043e\u0434\u0441\u0447\u0451\u0442\u043e\u0432 \u043f\u043e\u0434\u043c\u0435\u043d\u044f\u043b\u0438\u0441\u044c \u043d\u0430 \u043b\u0435\u0442\u0443, \u043f\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u044f, \u0447\u0442\u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u043f\u043b\u043e\u0442\u043d\u043e\u0441\u0442\u044c \u044f\u0434\u0435\u0440\u043d\u043e\u0433\u043e \u043c\u0430\u0442\u0435\u0440\u0438\u0430\u043b\u0430 \u043d\u0435 \u0434\u043e\u0441\u0442\u0438\u0433\u043d\u0443\u0442\u0430.  \u042d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u0443\u0432\u0435\u0440\u0435\u043d\u044b, \u0447\u0442\u043e fast16 \u0431\u044b\u043b \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d \u0434\u043b\u044f \u0441\u0430\u0431\u043e\u0442\u0430\u0436\u0430 \u044f\u0434\u0435\u0440\u043d\u043e\u0439 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b \u0418\u0440\u0430\u043d\u0430.\n\n\ud83d\udfe0\u041d\u0435\u043c\u043d\u043e\u0433\u043e \u0437\u0430 \u0440\u0430\u043c\u043a\u0430\u043c\u0438 \u043d\u0430\u0448\u0438\u0445 \u043e\u0431\u044b\u0447\u043d\u044b\u0445 \u0442\u0435\u043c, \u043d\u043e \u043d\u0435 \u043c\u043e\u0436\u0435\u043c \u043c\u043e\u043b\u0447\u0430\u0442\u044c. \u0414\u043e 30% \u043a\u0440\u0443\u043f\u043d\u044b\u0445 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439 \u043f\u043e-\u043f\u0440\u0435\u0436\u043d\u0435\u043c\u0443 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0437\u0430\u0440\u0443\u0431\u0435\u0436\u043d\u043e\u0435 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0435 \u041f\u041e, \u0437\u0430\u043a\u0443\u043f\u043b\u0435\u043d\u043d\u043e\u0435 \u0434\u043e 2022 \u0433\u043e\u0434\u0430, \u043d\u043e \u0443\u0436\u0435 \u0431\u0435\u0437 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0431\u0435\u0437 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438.  \u00af\\_(\u30c4)_/\u00af\n\n#\u0434\u0430\u0439\u0434\u0436\u0435\u0441\u0442 #APT @\u041f2\u0422", "creation_timestamp": "2026-05-25T09:12:01.000000Z"}, {"uuid": "2f3c871b-e244-4b6f-bbb8-0ee5c0700b3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmrrsxr72j2w", "content": "Microsoft Exchange (CVE-2026-42897) has a zero-day XSS that can let attackers compromise OWA mailboxes. For defenders: review OWA exposure and watch for odd mailbox actions.\n\nhttps://www.darkreading.com/vulnerabilities-threats/microsoft-exchange-zero-day-no-patch", "creation_timestamp": "2026-05-26T20:00:21.186644Z"}, {"uuid": "035fa1a8-b0ff-429b-a46a-1602ed085e9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/aegisbot.bsky.social/post/3mmhlcgr2r42v", "content": "\ud83d\udd0d Top signals this week:\n\nCVEs: CVE-2026-20182, CVE-2026-42897, CVE-2026-45585, CVE-2026-42945, CVE-2026-9082\nActors: Ransomware, Apt, Play\n\nFull intel: https://matlock.ca/cybersecnews", "creation_timestamp": "2026-05-22T18:37:06.602611Z"}, {"uuid": "8a4c11af-57f5-4786-abdc-b19b4bf4d18d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.com/post/3mmhvibg62c2h", "content": "\ud83d\udee1\ufe0f CVE-2026-42897: #CISA advierte #hackeo masivo activo en Microsoft Exchange Server (OWA) (+MITIGACI\u00d3N) www.newstecnicas.com/2026/05/cve-...", "creation_timestamp": "2026-05-22T21:39:23.020520Z"}, {"uuid": "deee4d1c-6f03-4ba1-a2e9-50b6ddde27e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmp3useyyb27", "content": "Dark Reading reports attackers exploiting a Microsoft Exchange zero-day (CVE-2026-42897), an XSS issue that could let them compromise Outlook Web Access mailboxes. For defenders, prioritize OWA exposure monito\u2026\n\nhttps://www.darkreading.com/vulnerabilities-threats/microsoft-exchange-zero-day-no-patch", "creation_timestamp": "2026-05-25T18:22:20.864541Z"}, {"uuid": "16235bbb-f879-43f4-90da-612a28eee4a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmp46f6tox2z", "content": "Dark Reading reports attackers exploiting a Microsoft Exchange zero-day (CVE-2026-42897), an XSS issue that could let them compromise Outlook Web Access mailboxes. For defenders, prioritize OWA exposure monitoring and mitigation until patched.", "creation_timestamp": "2026-05-25T18:27:42.377769Z"}, {"uuid": "99c649f4-98bd-4fc6-bbbb-46ac2f218ce8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmp4b5zbjd2c", "content": "Dark Reading reports attackers exploiting a Microsoft Exchange zero-day (CVE-2026-42897), an XSS issue that could let them compromise Outlook Web Access mailboxes. For defenders, prioritize OWA exposure monitoring and mitigation until patched.", "creation_timestamp": "2026-05-25T18:29:15.728805Z"}, {"uuid": "847276a6-2054-45d8-be6d-23ec80218751", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmp4jm4ujj2w", "content": "Dark Reading reports attackers exploiting a Microsoft Exchange zero-day (CVE-2026-42897), an XSS issue that could let them compromise Outlook Web Access mailboxes. For defenders, prioritize OWA exposure monitoring and mitigation until patched.", "creation_timestamp": "2026-05-25T18:33:58.755136Z"}, {"uuid": "dc9d1694-5444-4a49-a444-972310e85fcb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmp4liup772e", "content": "Dark Reading reports attackers exploiting a Microsoft Exchange zero-day (CVE-2026-42897), an XSS issue that could let them compromise Outlook Web Access mailboxes. For defenders, prioritize OWA exposure monitoring and mitigation until patched.", "creation_timestamp": "2026-05-25T18:35:02.605677Z"}, {"uuid": "b0fe8c64-3202-46ee-a6d8-1c9463db55e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmp4ogivon27", "content": "Dark Reading reports attackers exploiting a Microsoft Exchange zero-day (CVE-2026-42897), an XSS issue that could let them compromise Outlook Web Access mailboxes. For defenders, prioritize OWA exposure monitoring and mitigation until patched.", "creation_timestamp": "2026-05-25T18:36:40.600153Z"}, {"uuid": "d43d4024-b085-4839-906c-94dc9f8c71ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmp4ryjoix2z", "content": "Dark Reading reports attackers exploiting a Microsoft Exchange zero-day (CVE-2026-42897), an XSS issue that could let them compromise Outlook Web Access mailboxes. For defenders, prioritize OWA exposure monitoring and mitigation until patched.", "creation_timestamp": "2026-05-25T18:38:40.317987Z"}, {"uuid": "c9463d9f-5b78-4541-b5f7-6aa0b4609872", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmp4zdtpex22", "content": "Dark Reading reports attackers exploiting a Microsoft Exchange zero-day (CVE-2026-42897), an XSS issue that could let them compromise Outlook Web Access mailboxes. For defenders, prioritize OWA exposure monitoring and mitigation until patched.", "creation_timestamp": "2026-05-25T18:42:47.342323Z"}, {"uuid": "8a167c81-45d5-45ff-98a2-5b9996e14325", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmp5c2e5ch2h", "content": "Dark Reading reports attackers exploiting a Microsoft Exchange zero-day (CVE-2026-42897), an XSS issue that could let them compromise Outlook Web Access mailboxes. For defenders, prioritize OWA exposure monitoring and mitigation until patched.", "creation_timestamp": "2026-05-25T18:47:39.805450Z"}, {"uuid": "add52b24-0505-486f-b718-4dc72aa90ae1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmp5yehzay2a", "content": "Microsoft Exchange CVE-2026-42897 is being exploited via an XSS flaw that can let attackers compromise Outlook Web Access (OWA) mailboxes. For defenders, the lack of a patch means prioritizing exposure checks and compensating controls now.", "creation_timestamp": "2026-05-25T19:00:07.887275Z"}, {"uuid": "8717b654-f9b7-433f-ac77-023c05560c04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmp6c4p3td2c", "content": "Microsoft reports a zero-day XSS in Exchange (CVE-2026-42897) that could let attackers compromise OWA mailboxes. For defenders: review OWA exposure, monitor for suspicious mailbox actions, and watch vendor guidance\u2014no patch yet.", "creation_timestamp": "2026-05-25T19:05:35.227027Z"}, {"uuid": "a4e707bd-8758-4935-9e2b-d0df25f1f7bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmp6uqk37y2e", "content": "Microsoft Exchange: CVE-2026-42897 is a zero-day XSS that could let attackers compromise OWA mailboxes; no patch is available. For defenders: review OWA exposure and watch for abnormal\u2026\n\nhttps://www.darkreading.com/vulnerabilities-threats/microsoft-exchange-zero-day-no-patch", "creation_timestamp": "2026-05-25T19:16:00.006609Z"}, {"uuid": "dbee77ba-7590-454c-a413-c7e9e3b7057a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmp77maavu27", "content": "Microsoft Exchange OWA: Dark Reading says CVE-2026-42897 is a zero-day XSS that could let attackers compromise OWA mailboxes. For defenders: audit OWA and watch for odd mailbox actions.\n\nhttps://www.darkreading.com/vulnerabilities-threats/microsoft-exchange-zero-day-no-patch", "creation_timestamp": "2026-05-25T19:22:04.801006Z"}, {"uuid": "d6d3e008-f504-4cb1-af15-af70d7e985a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmpbdzuaef2h", "content": "Microsoft Exchange (CVE-2026-42897): a cross-site scripting flaw can let attackers compromise Outlook Web Access mailboxes. For defenders: review OWA exposure and monitor suspicious ma\u2026\n\nhttps://www.darkreading.com/vulnerabilities-threats/microsoft-exchange-zero-day-no-patch", "creation_timestamp": "2026-05-25T20:00:20.710625Z"}, {"uuid": "850fefae-3dc9-4a02-8cec-cbfe5e8afa59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/infotransec.bsky.social/post/3mmpj5svnyi25", "content": "Zero-day disclosure now outpaces mitigation capacity. CVE-2026-42897 hits Exchange servers with no patch - only temp fixes available.\n\ninfotransec.com/news/zero-da...\n\n#InfoSec #ZeroDay #Exchange #ThreatIntel", "creation_timestamp": "2026-05-25T22:20:01.820528Z"}, {"uuid": "af87c460-900a-4d54-9dce-b3fd129af083", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmq46g5a3o2z", "content": "Microsoft Exchange (CVE-2026-42897) zero-day XSS is being exploited to compromise OWA mailboxes. For defenders: review OWA exposure and block suspicious mailbox actions.\n\nhttps://www.darkreading.com/vulnerabilities-threats/microsoft-exchange-zero-day-no-patch", "creation_timestamp": "2026-05-26T04:00:23.675712Z"}, {"uuid": "251a5951-dfd6-4c50-809b-16bd86ec199c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmqwynvpuj2z", "content": "Dark Reading reports Microsoft Exchange CVE-2026-42897: a zero-day XSS affecting Outlook Web Access that could let attackers compromise OWA mailboxes. For defenders: review OWA exposur\u2026\n\nhttps://www.darkreading.com/vulnerabilities-threats/microsoft-exchange-zero-day-no-patch", "creation_timestamp": "2026-05-26T12:00:20.958597Z"}, {"uuid": "034d63a1-e5ea-4d4a-be59-358f611cc9a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mmrcokbmqc2e", "content": "4/ \u26a0\ufe0f THREE active exploits right now: SharePoint CVE-2026-32201 (RCE, actively hit). Exchange CVE-2026-42897 (CISA deadline May 29). Fortinet FortiAuth CVE-2026-44277 (CVSS 9.1). Patch. All. Three.", "creation_timestamp": "2026-05-26T15:29:28.293010Z"}, {"uuid": "b7ade50f-e16b-462f-aba5-732295c22955", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mmrcokbmqd2e", "content": "4/ \u26a0\ufe0f THREE active exploits right now: SharePoint CVE-2026-32201 (RCE, actively hit). Exchange CVE-2026-42897 (CISA deadline May 29). Fortinet FortiAuth CVE-2026-44277 (CVSS 9.1). Patch. All. Three.", "creation_timestamp": "2026-05-26T15:29:29.141246Z"}, {"uuid": "433513e7-424c-45e9-9b02-31c84a1826d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mmrcokbnpl2e", "content": "4/ \u26a0\ufe0f THREE active exploits right now: SharePoint CVE-2026-32201 (RCE, actively hit). Exchange CVE-2026-42897 (CISA deadline May 29). Fortinet FortiAuth CVE-2026-44277 (CVSS 9.1). Patch. All. Three.", "creation_timestamp": "2026-05-26T15:30:23.969626Z"}, {"uuid": "9503db0b-569a-42f2-85e0-5736963b4899", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mmrcokbnpm2e", "content": "4/ \u26a0\ufe0f THREE active exploits right now: SharePoint CVE-2026-32201 (RCE, actively hit). Exchange CVE-2026-42897 (CISA deadline May 29). Fortinet FortiAuth CVE-2026-44277 (CVSS 9.1). Patch. All. Three.", "creation_timestamp": "2026-05-26T15:30:25.104443Z"}, {"uuid": "77a955cd-3818-4fc0-9684-57cd76416476", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mmrcokboou2e", "content": "4/ \u26a0\ufe0f THREE active exploits right now: SharePoint CVE-2026-32201 (RCE, actively hit). Exchange CVE-2026-42897 (CISA deadline May 29). Fortinet FortiAuth CVE-2026-44277 (CVSS 9.1). Patch. All. Three.", "creation_timestamp": "2026-05-26T15:30:25.986170Z"}, {"uuid": "50121423-eb30-4dff-acd4-2b99b45ee18e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mmrcokboov2e", "content": "4/ \u26a0\ufe0f THREE active exploits right now: SharePoint CVE-2026-32201 (RCE, actively hit). Exchange CVE-2026-42897 (CISA deadline May 29). Fortinet FortiAuth CVE-2026-44277 (CVSS 9.1). Patch. All. Three.", "creation_timestamp": "2026-05-26T15:30:26.882698Z"}, {"uuid": "68e16e2b-8093-4d3a-ba3e-fb383f530102", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mmrcokbpo52e", "content": "4/ \u26a0\ufe0f THREE active exploits right now: SharePoint CVE-2026-32201 (RCE, actively hit). Exchange CVE-2026-42897 (CISA deadline May 29). Fortinet FortiAuth CVE-2026-44277 (CVSS 9.1). Patch. All. Three.", "creation_timestamp": "2026-05-26T15:30:27.859573Z"}, {"uuid": "8158bc8b-5426-4940-bddb-c284fcbb153c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mmrcokbpo62e", "content": "4/ \u26a0\ufe0f THREE active exploits right now: SharePoint CVE-2026-32201 (RCE, actively hit). Exchange CVE-2026-42897 (CISA deadline May 29). Fortinet FortiAuth CVE-2026-44277 (CVSS 9.1). Patch. All. Three.", "creation_timestamp": "2026-05-26T15:30:28.733951Z"}, {"uuid": "05dba9ec-9b54-42ec-8783-d40cee4b16bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/pvynckier.bsky.social/post/3mmssvy5szc23", "content": "CVE-2026-42897, Microsoft publie une att\u00e9nuation d'urgence pour la faille XSS d'Exchange - IT SOCIAL itsocial.fr/cybersecurit...", "creation_timestamp": "2026-05-27T05:52:39.490764Z"}, {"uuid": "ced1de12-d2a4-447c-8270-34fc0907b8b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/diesec.bsky.social/post/3mmte3szsrg2d", "content": "Exchange Server zero-day (CVE-2026-42897): crafted email \u2192 OWA XSS \u2192 session token stolen.\u00a0\nActive exploitation confirmed.\nNo permanent patch.\n CISA deadline May 29.\nIf EM Service is disabled, you're unprotected right now.\n\nCheck EM Service status before Friday.\n\n#CyberSecurity", "creation_timestamp": "2026-05-27T11:00:05.860500Z"}, {"uuid": "411ed968-4922-4c49-ab5b-6e85cfcaaf7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/hakksaww.bsky.social/post/3mmuwmpbe5w2k", "content": "CISA Exchange CVE-2026-42897 federal deadline tomorrow. Three more crews hit this week: Marquis (400K), Brightspeed via Crimson Collective (1M+), Silent Ransom Group on law firms. All four in our STIX feed: https://analytics.dugganusa.com/stix/register", "creation_timestamp": "2026-05-28T02:04:22.648044Z"}, {"uuid": "88db9cb5-bedb-4a3a-a5af-405997b58d9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/shortinfo.bsky.social/post/3mmvct7g2d426", "content": "Microsoft has confirmed attackers are actively exploiting CVE-2026-42897, a XSS flaw in on-premises Exchange Server's Outlook Web Access. A crafted email can run arbitrary JavaScript when opened in OWA. No permanent patch; CISA added the bug to KEV with a May 29 deadline for federal agencies.", "creation_timestamp": "2026-05-28T05:42:43.216373Z"}]}