Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days By Lawrence Abrams May 12, 2026 02:08 PM 0 Today is Microsoft's May 2026 Patch Tuesday, with security updates for 120 flaws and no zero-days disclosed. This Patch Tuesday addresses 17 "Critical" vulnerabilities, 14 of which are remote code execution, 2 are elevation of privilege, and 1 is an information disclosure flaw. The number of bugs in each vulnerability category is listed below: 61 Elevation of Privilege Vulnerabilities 6 Security Feature Bypass Vulnerabilities 31 Remote Code Execution Vulnerabilities 14 Information Disclosure Vulnerabilities 8 Denial of Service Vulnerabilities 13 Spoofing Vulnerabilities When BleepingComputer reports on Patch Tuesday security updates, we only count those released by Microsoft today. Therefore, the number of flaws does not include flaws in Mariner, Azure, Copilot, Microsoft Teams, and Microsoft Partner Center that were fixed by Microsoft earlier this month. There were also 131 Microsoft Edge/Chromium flaws that were fixed by Google this month, which were excluded. Noteworthy vulnerabilities Microsoft has not disclosed any zero-day vulnerabilities in this month's Patch Tuesday. However, there are some vulnerabilities fixed today that IT and security admins should be aware of. As part of today's updates, Microsoft has fixed numerous vulnerabilities in Microsoft Office, Word, and Excel that could lead to remote code execution. These flaws are exploited by opening malicious files, which can result in remote code execution. As many of these can be exploited via the preview pane, it is strongly advised to update Microsoft Office as soon as possible, especially if they commonly receive attachments. A list of the Microsoft Office, Word, and Excel flaws can be found in our May 2026 Patch Tuesday report . Other interesting vulnerabilities are: CVE-2026-35421 - Windows GDI Remote Code Execution Vulnerability: This flaw can be exploited by opening a malicious Enhanced Metafile (EMF) file using Microsoft Paint. CVE-2026-40365 - Microsoft SharePoint Server Remote Code Execution Vulnerability: An authenticated attacker can perform a network-based attack that remotely executes code on a SharePoint server. CVE-2026-41096 - Windows DNS Client Remote Code Execution Vulnerability: An attacker-controlled DNS server could send a specially crafted DNS response to a vulnerable Windows system, causing the DNS Client to incorrectly process the response and corrupt memory. This would allow the attacker to run code on the vulnerable system remotely. Recent updates from other companies Other vendors who released updates or advisories in May 2026 include: Adobe has released security updates for After Effects, Premiere Pro, Media Encoder, Commerce, Illustrator, and more. AMD disclosed updates for an elevation of privileges vulnerability in the CPU operation (op/µop) cache on Zen 2‑based. Apple released security updates for macOS, iOS, watchOS, iPadOS, visionOS, and tvOS. Cisco released security updates for numerous products, including a DoS flaw that requires manual rebooting of affected systems for recovery. Fortinet released security updates for two critical flaws in FortiSandbox and FortiAuthenticator . Google released Android's May security bulletin , which fixes 10 vulnerabilities. Ivanti released security updates for a high-severity Endpoint Manager Mobile (EPMM) remote code execution vulnerability, which was exploited in zero-day attacks. Mozilla released security updates for five Firefox vulnerabilities. Palo Alto Networks warned of a critical PAN-OS User-ID Authentication Portal flaw that was exploited in attacks as a zero-day . Patches have still not been released, but mitigations are available. SAP released the May security updates , which include fixes for one high-severity and two Critical flaws. vm2 released security updates for a critical vulnerability in the popular Node.js sandboxing library. The May 2026 Patch Tuesday Security Updates Below is the complete list of resolved vulnerabilities in the May 2026 Patch Tuesday updates. To access the full description of each vulnerability and the systems it affects, you can view the full report here . Tag CVE ID CVE Title Severity .NET CVE-2026-35433 .NET Elevation of Privilege Vulnerability Important .NET CVE-2026-32177 .NET Elevation of Privilege Vulnerability Important .NET CVE-2026-32175 .NET Core Tampering Vulnerability Important AMD CPU Branch CVE-2025-54518 AMD: CVE-2025-54518 CPU OP Cache Corruption Important ASP.NET Core CVE-2026-42899 ASP.NET Core Denial of Service Vulnerability Important Azure Connected Machine Agent CVE-2026-40381 Azure Connected Machine Agent Elevation of Privilege Vulnerability Important Azure Logic Apps CVE-2026-42823 Azure Logic Apps Elevation of Privilege Vulnerability Important Azure Machine Learning CVE-2026-33833 Azure Machine Learning Notebook Spoofing Vulnerability Important Azure Monitor Agent CVE-2026-32204 Azure Monitor Agent Elevation of Privilege Vulnerability Important Azure Monitor Agent CVE-2026-42830 Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability Important Azure SDK CVE-2026-33117 Azure SDK for Java Security Feature Bypass Vulnerability Important Data Deduplication CVE-2026-41095 Data Deduplication Elevation of Privilege Vulnerability Important Dynamics Business Central CVE-2026-40417 Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability Important GitHub Copilot and Visual Studio CVE-2026-41109 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability Important M365 Copilot CVE-2026-41100 Microsoft 365 Copilot for Android Spoofing Vulnerability Important M365 Copilot CVE-2026-42893 Microsoft Outlook for iOS Tampering Vulnerability Important M365 Copilot CVE-2026-26164 M365 Copilot Information Disclosure Vulnerability Critical M365 Copilot for Desktop CVE-2026-41614 M365 Copilot for Desktop Spoofing Vulnerability Important Microsoft Data Formulator CVE-2026-41094 Microsoft Data Formulator Remote Code Execution Vulnerability Important Microsoft Dynamics 365 (on-premises) CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability Critical Microsoft Dynamics 365 (on-premises) CVE-2026-42833 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability Important Microsoft Office CVE-2026-42832 Microsoft Office Spoofing Vulnerability Important Microsoft Office CVE-2026-42831 Microsoft Office Remote Code Execution Vulnerability Critical Microsoft Office CVE-2026-40363 Microsoft Office Remote Code Execution Vulnerability Critical Microsoft Office CVE-2026-40419 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability Important Microsoft Office CVE-2026-40358 Microsoft Office Remote Code Execution Vulnerability Critical Microsoft Office Click-To-Run CVE-2026-35436 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability Important Microsoft Office Click-To-Run CVE-2026-40420 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability Important Microsoft Office Click-To-Run CVE-2026-40418 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability Important Microsoft Office Excel CVE-2026-40360 Microsoft Excel Information Disclosure Vulnerability Important Microsoft Office Excel CVE-2026-40362 Microsoft Excel Remote Code Execution Vulnerability Important Microsoft Office Excel CVE-2026-40359 Microsoft Excel Remote Code Execution Vulnerability Important Microsoft Office PowerPoint CVE-2026-41102 Microsoft PowerPoint for Android Spoofing Vulnerability Important Microsoft Office SharePoint CVE-2026-40368 Microsoft SharePoint Server Remote Code Execution Vulnerability Important Microsoft Office SharePoint CVE-2026-35439 Microsoft SharePoint Server Remote Code Execution Vulnerability Important Microsoft Office SharePoint CVE-2026-33112 Microsoft SharePoint Server Remote Code Execution Vulnerability Important Microsoft Office SharePoint CVE-2026-40365 Microsoft SharePoint Server Remote Code Execution Vulnerability Critical Microsoft Office SharePoint CVE-2026-40357 Microsoft SharePoint Server Remote Code Execution Vulnerability Important Microsoft Office SharePoint CVE-2026-33110 Microsoft SharePoint Server Remote Code Execution Vulnerability Important Microsoft Office Word CVE-2026-40361 Microsoft Word Remote Code Execution Vulnerability Critical Microsoft Office Word CVE-2026-40367 Microsoft Word Remote Code Execution Vulnerability Critical Microsoft Office Word CVE-2026-35440 Microsoft Word Information Disclosure Vulnerability Important Microsoft Office Word CVE-2026-40421 Microsoft Word Information Disclosure Vulnerability Important Microsoft Office Word CVE-2026-41101 Microsoft Word for Android Spoofing Vulnerability Important Microsoft Office Word CVE-2026-40366 Microsoft Word Remote Code Execution Vulnerability Critical Microsoft Office Word CVE-2026-40364 Microsoft Word Remote Code Execution Vulnerability Critical Microsoft SSO Plugin for Jira & Confluence CVE-2026-41103 Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability Critical Microsoft Teams CVE-2026-32185 Microsoft Teams Spoofing Vulnerability Important Microsoft Windows DNS CVE-2026-41096 Windows DNS Client Remote Code Execution Vulnerability Critical Power Automate CVE-2026-40374 Microsoft Power Automate Desktop Information Disclosure Vulnerability Important SQL Server CVE-2026-40370 SQL Server Remote Code Execution Vulnerability Important Telnet Client CVE-2026-35423 Windows 11 Telnet Client Information Disclosure Vulnerability Important Visual Studio Code CVE-2026-41613 Visual Studio Code Elevation of Privilege Vulnerability Important Visual Studio Code CVE-2026-41612 Visual Studio Code Information Disclosure Vulnerability Important Visual Studio Code CVE-2026-41610 Visual Studio Code Security Feature Bypass Vulnerability Important Visual Studio Code CVE-2026-41611 Visual Studio Code Remote Code Execution Vulnerabilit