Zero Day Initiative

I’m currently in Berlin helping set up for Pwn2Own Berlin, but that doesn’t stop Patch Tuesday from coming, and it’s another big one. At least nothing is listed as being in the wild – for now. Take a break from your regularly scheduled activities and let’s take a look at the latest security patches from Adobe and Microsoft. Due to technical difficulties, there will not be a video companion for this month.

Adobe Patches for May 2026

For May, Adobe released 10 bulletins addressing 52 unique CVEs in Adobe Commerce, After Effects, Adobe Connect, Illustrator, Media Encoder, Premiere Pro, Substance 3D Painter, Substance 3D Sampler, Content Authenticity SDK, and the Adobe Substance 3D Designer. Here’s this month’s overview table:

Bulletin ID Product CVE Count Highest Severity Highest CVSS Exploited Deployment Priority APSB26-49 Adobe Commerce 15 Critical 8.7 No 2 APSB26-48 Adobe After Effects 4 Critical 7.8 No 3 APSB26-50 Adobe Connect 2 Critical 9.6 No 3 APSB26-51 Adobe Illustrator 4 Critical 7.8 No 3 APSB26-47 Adobe Media Encoder 2 Critical 7.8 No 3 APSB26-46 Adobe Premiere Pro 3 Critical 7.8 No 3 APSB26-55 Adobe Substance 3D Painter 2 Critical 7.8 No 3 APSB26-54 Adobe Substance 3D Sampler 1 Critical 7.8 No 3 APSB26-53 Content Authenticity SDK 14 Critical 7.5 No 3 APSB26-52 Adobe Substance 3D Designer 5 Important 6.3 No 3 TOTAL 10 bulletins 52

The obvious priority this month is the patch for Commerce, with its 15 bugs and deployment priority of 2. The Connect fix should also rank up there since both of its CVEs are CVSS 9s. Beyond those, it’s a pretty typical month for Adobe, with most of the bugs either being cross-site scripting (XSS) or open-and-own code executions.

Microsoft Patches for May 2026

This month, Microsoft released a whopping 138 new CVEs in Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, .NET and Visual Studio, Copilot Chat, Github Copilot, M365 Copilot, SQL Server, TCP/IP, and the Telnet Client – yes, the Telnet client. Two of these bugs were reported through the TrendAI ZDI program. 30 of these bugs are rated Critical, three are rated as Moderate, one is rated Low, and the rest are rated Important in severity.

This large volume of fixes follows the largest monthly release in Microsoft’s history and reflects the trend across the industry of a high number of submissions. While not all of these bugs were found by AI, it’s likely they had an AI-related component – even if it was just AI writing the submission. I should also point out the Pwn2Own Berlin occurs in just a few days, and it’s typical for vendors to patch as much as they can before the event.

None of the bugs patched by Microsoft this month are listed as publicly known or under active attack at the time of release, so we’ve got that going for us. Let’s take a closer look at some of the more interesting updates for this month, starting with a nasty-looking bug in DNS:

-    CVE-2026-41096 - Windows DNS Client Remote Code Execution Vulnerability
This patch fixes a heap-based buffer overflow in the DNS Client triggered by a malicious DNS response. No authentication or user interaction needed, and since the DNS Client runs on virtually every Windows machine, the attack surface is enormous. An attacker with a position to influence DNS responses (MitM, rogue server) could achieve unauthenticated RCE across your enterprise.

-    CVE-2026-41089 - Windows Netlogon Remote Code Execution Vulnerability
This update covers another CVSS 9.8 bug, which is a stack-based buffer overflow that lets an unauthenticated remote attacker execute code on a domain controller by sending a specially crafted network request — no credentials, no user interaction required. Yup – that makes it wormable. This is the highest-impact bug that requires immediate patching: a compromised domain controller is a compromised domain.

-    CVE-2026-42898 - Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
This bug rates a CVSS 9.9(!) and represents a code injection in Dynamics 365. It allows any authenticated user to execute code with a scope change, meaning exploitation can break out and affect resources beyond the vulnerable component itself. Scope changes are pretty rare, so if you’re running Dynamics 365 On-Prem, definitely test and deploy this patch quickly.

-    CVE-2026-40415 - Windows TCP/IP Remote Code Execution Vulnerability
This bug in the TCP/IP stack results from a use-after-free (UAF) and could allow a remote, unauthenticated threat actor to execute code without user interaction. That makes this another wormable bug. However, this one is much less likely to be exploited. The target needs to be under sustained low-memory (memory pressure) conditions, which is pretty rare. Still, no need to tempt fate here. Test and deploy this one quickly.

Here’s the full list of CVEs released by Microsoft for May 2026:

CVE Title Severity CVSS Public Exploited Type CVE-2026-35435 Azure AI Foundry Elevation of Privilege Vulnerability Critical 8.6 No No EoP CVE-2026-35428 Azure Cloud Shell Spoofing Vulnerability Critical 9.6 No No Spoofing CVE-2026-42826 Azure DevOps Information Disclosure Vulnerability Critical 10 No No Info CVE-2026-32207 Azure Machine Learning Notebook Spoofing Vulnerability Critical 8.8 No No Spoofing CVE-2026-33109 Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability Critical 9.9 No No RCE CVE-2026-33844 Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability Critical 9 No No RCE CVE-2026-41105 Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability Critical 8.1 No No EoP CVE-2026-33111 Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability Critical 7.5 No No Info CVE-2026-26129 M365 Copilot Information Disclosure Vulnerability Critical 7.5 No No Info CVE-2026-26164 M365 Copilot Information Disclosure Vulnerability Critical 7.5 No No Info CVE-2026-33821 Microsoft Dynamics 365 Customer Insights Elevation of Privilege Vulnerability Critical 7.7 No No EoP CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability Critical 9.9 No No RCE CVE-2026-40379 Microsoft Enterprise Security Token Service (ESTS) Spoofing Vulnerability Critical 9.3 No No Spoofing CVE-2026-40363 Microsoft Office Remote Code Execution Vulnerability Critical 8.4 No No RCE CVE-2026-40358 Microsoft Office Remote Code Execution Vulnerability Critical 8.4 No No RCE CVE-2026-34327 Microsoft Partner Center Spoofing Vulnerability Critical 8.2 No No Spoofing CVE-2026-40365 Microsoft SharePoint Server Remote Code Execution Vulnerability Critical 8.8 No No RCE CVE-2026-41103 Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability Critical 9.1 No No EoP CVE-2026-33823 Microsoft Team Events Portal Information Disclosure Vulnerability Critical 9.6 No No Info CVE-2026-40364 Microsoft Word Remote Code Execution Vulnerability Critical 8.4 No No RCE CVE-2026-40366 Microsoft Word Remote Code Execution Vulnerability Critical 8.4 No No RCE CVE-2026-40361 Microsoft Word Remote Code Execution Vulnerability Critical 8.4 No No RCE CVE-2026-40367 Microsoft Word Remote Code Execution Vulnerability Critical 8.4 No No RCE CVE-2026-42831 Office for Android Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2026-41096 Windows DNS Client Remote Code Execution Vulnerability Critical 9.8 No No RCE CVE-2026-35421 Windows GDI Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2026-40403 Windows Graphics Component Remote Code Execution Vulnerability Critical 8.8 No No RCE CVE-2026-40402 Windows Hyper-V Elevation of Privilege Vulnerability Critical 9.3 No No EoP CVE-2026-32161 Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability Critical 7.5 No No RCE CVE-2026-41089 Windows Netlogon Remote Code Execution Vulnerability Critical 9.8 No No RCE CVE-2026-32175 .NET Core Tampering Vulnerability Important 4.3 No No Tampering CVE-2026-32177 .NET Elevation of Privilege Vulnerability Important 7.3 No No EoP CVE-2026-35433 .NET Elevation of Privilege Vulnerability Important 7.3 No No EoP CVE-2025-54518 * AMD: CVE-2025-54518 CPU OP Cache Corruption Important No No RCE CVE-2026-42899 ASP.NET Core Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-40381 Azure Connected Machine Agent Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-42823 † Azure Logic Apps Elevation of Privilege Vulnerability Important 9.9 No No EoP CVE-2026-33833 Azure Machine Learning Notebook Spoofing Vulnerability Important 8.2 No No Spoofing CVE-2026-32204 Azure Monitor Agent Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-42830 Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability Important 6.5 No No EoP CVE-2026-33117 Azure SDK for Java Security Feature Bypass Vulnerability Important 9.1 No No SFB CVE-2026-41109 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability Important 8.8 No No SFB CVE-2026-35424 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-41614 M365 Copilot for Desktop Spoofing Vulnerability Important 6.2 No No Spoofing CVE-2026-41100 Microsoft 365 Copilot for Android Spoofing Vulnerability Important 4.4 No No Spoofing CVE-2026-40377 Microsoft Cryptographic Services Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-41094 Microsoft Data Formulator Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2026-40417 Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-42833 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability Important 9.1 No No RCE CVE-2026-42838 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important 5.4 No No EoP CVE-2026-40360 Microsoft Excel Information Disclosure Vulnerability Important 7.8 No No Info CVE-2026-40359 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-40362 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-42832 Microsoft Excel Spoofing Vulnerability Important 7.7 No No Spoofing CVE-2026-34329 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2026-40419 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-40418 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-35436 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-40420 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-42893 Microsoft Outlook for iOS Tampering Vulnerability Important 7.4 No No Tampering CVE-2026-40374 Microsoft Power Automate Desktop Information Disclosure Vulnerability Important 6.5 No No Info CVE-2026-41102 Microsoft PowerPoint for Android Spoofing Vulnerability Important 7.1 No No Spoofing CVE-2026-35439 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2026-40368 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8 No No RCE CVE-2026-33110 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2026-33112 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2026-40357 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2026-32185 Microsoft Teams Spoofing Vulnerability Important 5.5 No No Spoofing CVE-2026-41101 Microsoft Word for Android Spoofing Vulnerability Important 7.1 No No Spoofing CVE-2026-35440 Microsoft Word Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-40421 Microsoft Word Information Disclosure Vulnerability Important 4.3 No No Info CVE-2026-41097 Secure Boot Security Feature Bypass Vulnerability Important 6.7 No No SFB CVE-2026-40370 † SQL Server Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2026-41613 Visual Studio Code Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-41612 Visual Studio Code Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-41611 Visual Studio Code Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-41610 Visual Studio Code Security Feature Bypass Vulnerability Important 6.3 No No SFB CVE-2026-33839 Win32k Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-33840 Win32k Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-34330 Win32k Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-34331 Win32k Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-35423 Windows 11 Telnet Client Information Disclosure Vulnerability Important 5.4 No No Info CVE-2026-35438 Windows Admin Center Elevation of Privilege Vulnerability Important 8.3 No No EoP CVE-2026-41086 Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-34344 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-34345 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-35416 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-41088 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-34343 Windows Application Identity (AppID) Subsystem Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-35418 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-33835 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-34337 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-40407 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-40397 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-42896 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-35419 Windows DWM Core Library Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-34336 Windows DWM Core Library Information Disclosure Vulnerability Important 7.8 No No Info CVE-2026-33834 Windows Event Logging Service Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-32209 Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability Important 4.4 No No SFB CVE-2026-33841 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-35420 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-40369 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-34332 Windows Kernel-Mode Driver Remote Code Execution Vulnerability Important 8 No No RCE CVE-2026-34339 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Important 5.5 No No DoS CVE-2026-34341 Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-33838 Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-34342 Windows Print Spooler Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-41095 Windows Projected File System Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-34340 Windows Projected File System Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-40398 Windows Remote Desktop Services Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-21530 Windows Rich Text Edit Elevation of Privilege Vulnerability Important 6.7 No No EoP CVE-2026-32170 Windows Rich Text Edit Elevation of Privilege Vulnerability Important 6.7 No No EoP CVE-2026-40410 Windows SMB Client Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-35415 Windows Storage Spaces Controller Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-34350 Windows Storport Miniport Driver Denial of Service Vulnerability Important 6.5 No No DoS CVE-2026-40405 Windows TCP/IP Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-40414 Windows TCP/IP Denial of Service Vulnerability Important 7.4 No No DoS CVE-2026-40401 Windows TCP/IP Denial of Service Vulnerability Important 6.2 No No DoS CVE-2026-40413 Windows TCP/IP Denial of Service Vulnerability Important 7.4 No No DoS CVE-2026-35422 Windows TCP/IP Driver Security Feature Bypass Vulnerability Important 6.5 No No SFB CVE-2026-34351 Windows TCP/IP Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-40399 Windows TCP/IP Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-34334 Windows TCP/IP Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-40406 Windows TCP/IP Information Disclosure Vulnerability Important 7.5 No No Info CVE-2026-33837 Windows TCP/IP Local Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-40415 Windows TCP/IP Remote Code Execution Vulnerability Important 8.1 No No RCE CVE-2026-42825 Windows Telephony Service Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-34338 Windows Telephony Service Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-40382 Windows Telephony Service Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-40380 Windows Volume Manager Extension Driver Remote Code Execution Vulnerability Important 6.2 No No RCE CVE-2026-40408 Windows WAN ARP Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-34333 Windows Win32k Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-34347 Windows Win32k Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-35417 Windows Win32k Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-42891 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability Moderate 6.5 No No Spoofing CVE-2026-35429 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability Moderate 4.3 No No Spoofing CVE-2026-41107 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Moderate 7.4 No No Info CVE-2026-40416 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability Low 4.3 No No Spoofing

* Indicates this CVE had been released by a third party and is now being included in Microsoft releases.

† Indicates further administrative actions are required to fully address the vulnerability.

 

Looking at the other Critical-rated bugs in this month’s release, there are quite a few scary-looking bugs (including a CVSS 10!), but there’s no action for the end user as Microsoft has already mitigated these bugs and is just now documenting them. There’s also this month’s crop of Office bugs where the Preview Pane is an attack vector. However, the bug in Office for Android does not have the Preview Pane vector; it’s simple open and own. The bug in the WiFi driver needs a network adjacent attacker. The SharePoint bug requires authentication, but anyone with site privileges has the authentication needed. The bug in SSO Plugin for Jira & Confluence should really be called an authentication bypass, since it allows an unauthenticated attacker to gain access to a system.

Looking at the other code execution bugs, most are of the open and own variety as expected. The bug in Dynamic 365 (On Prem) requires high privileges. The Message Queueing bug requires an adjacent attacker. The bug in SQL Server requires authentication, but as usual, patching won’t be straightforward. Finally, there’s a bug in the kernel that leads to code execution. Most kernel bugs are privilege escalations, but this one could allow code execution if an attacker sends specially crafted NVMe over Fabrics (NVMe‑oF) response messages during the connection handshake process that contains an invalid header length value. Neat.

As usual, the vast majority of the Microsoft release fixes Elevation of Privilege (EoP) bugs. Also as usual, most simply lead to local attackers executing their code at SYSTEM-level privileges or administrative privileges, so there’s not much to add without further technical details about the bugs themselves. There are also a few bugs that just state the attacker could “gain ELEVATED privileges.” How obtuse. The bugs in Azure allow an attacker to access data otherwise hidden from them. The Edge bug allows threat actors to elevate to the privileges of the running application. The bug in Visual Studio allows attackers to get permissions associated with the MCP Server’s managed identity. Finally, there are a couple of sandbox escapes, too, which are always useful.

This month's update includes six Security Feature Bypass vulnerabilities. The most severe is in the Azure SDK for Java (CVSS 9.1). An attacker over the network can bypass the integrity protection provided by authentication tags on encrypted data, effectively manipulating encrypted input in a way that slips past integrity checks during decryption. Close behind is the bypass affecting the GitHub Copilot integration in Visual Studio Code (CWE-74). This one requires a user interaction, but it allows an attacker to circumvent the path validation safeguards that normally control which files Copilot is permitted to modify. The other Visual Studio Code bypass involves cross-site scripting, improper link resolution, and information exposure triggered when a user opens or views a maliciously crafted notebook. On the Windows networking side there are two bypasses. The first hits the Windows TCP/IP driver via an authentication bypass using an alternate channel. The other impacts the Windows Filtering Platform through improper access control, allowing a local, low-privileged attacker to bypass FQDN-based network security rules. Finally, there’s a Secure Boot bypass that, you guessed it, bypasses secure boot features.

Moving on to the Information Disclosure bugs fixed this month, we have 15 different CVEs. As usual, the majority of these simply result in info leaks consisting of unspecified memory contents or memory addresses. The bug in Power Automate could expose data marked “Sensitive” within Power Automate Desktop flows. One of the Word bugs could disclose NLTM hashes. The bug in Edge could disclose your cookies, which seems rude. The bug in Visual Studio could expose file path information. Finally, there’s a bug in Telnet for Windows 11 that leaks information being used by Telnet at the time. I didn’t even realize Windows 11 still had a telnet client.

The May release contains 10 spoofing bugs (plus the ones already addressed by Microsoft). The bug in Azure Machine Learning Notebooks vulnerability requires user interaction, but it could expose info through the Azure ML web interface to the attacker. There’s a cluster of fixes for Microsoft's mobile Office suite on Android. Excel, Word, and PowerPoint for Android all carry spoofing flaws rooted in improper access control. Two Copilot products are also affected by spoofing vulns. The M365 Copilot for Desktop has no details provided. The M365 Copilot for Android variant requires low privileges and producing only limited impact on confidentiality and integrity. Microsoft Teams for Android rounds out the mobile app spoofing bugs. Three Edge bugs close things out, all involving misrepresentation of information in the browser UI.

There are two Tampering bugs in this month’s release. The one in .NET Core allows threat actors to write files to an affected system. The other is in Outlook for iOS and manifests as a command injection bug.

There are eight DoS bugs in the May release, but as always, Microsoft provides little to no actionable information about the vulnerabilities. The most interesting from a practical standpoint are two TCP/IP bugs that allow a low-privilege Hyper-V guest to crash the host. Both are triggered from the adjacent network. On the broader network-exposure side, the ASP.NET Core bug is a straightforward infinite loop condition — an unauthenticated attacker sends a crafted request over the network and the server stops responding.

No new advisories are being released this month.

Looking Ahead

Assuming I survive Pwn2Own Berlin (which is looking iffy at the moment), I’ll return on June 9th on what will hopefully be a smaller release than this one. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!

We’ve received some feedback from those who read the Patch Blog that they would like something similar for macOS updates. Unfortunately, Apple doesn’t schedule these for a particular day, but we can provide our thoughts and analysis on the days they do release their latest patches.

For May 2026, Apple released 82 unique CVEs across the three macOS versions: 79 for macOS Tahoe 26.5, 45 for macOS Sequoia 15.7.7, and 42 for macOS Sonoma 14.8.7. Since Apple doesn’t provide CVSS scores or other severity information, we’re left to speculate on which of these bugs is the most severe. However, there are a couple that stand out.

-              CVE-2026-28819 (Wi-Fi) stands out as the strongest candidate for the most severe as it states, “An app may be able to execute arbitrary code with kernel privileges.” The combination of arbitrary code execution at the kernel level is about as bad as it gets on a severity scale. Plus, it affects all three macOS versions (Tahoe, Sequoia, and Sonoma).

-              CVE-2026-43668 (mDNSResponder) also piques my interest since, “A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.” The remote attack vector with kernel memory corruption on all three OS versions makes this a serious one, especially since mDNSResponder is always running.

-              CVE-2026-28972 (Kernel) This one states that “An app may be able to cause unexpected system termination or write kernel memory.” An out-of-bounds write directly into kernel memory on all three OS versions. This one may also have implications in the upcoming Pwn2Own Berlin contest.

Here’s a look at all the bugs released by Apple this month:

82Unique CVEs 79macOS Tahoe 26.5 45macOS Sequoia 15.7.7 42macOS Sonoma 14.8.7 CVE ID Component Impact macOS Tahoe 26.5 macOS Sequoia 15.7.7 macOS Sonoma 14.8.7 CVE-2026-28991 Accelerate An app may be able to cause a denial-of-service Yes No No CVE-2026-28988 Accounts An app may be able to bypass certain Privacy preferences Yes No No CVE-2026-28959 APFS An app may be able to cause unexpected system termination Yes Yes Yes CVE-2026-28995 App Intents A malicious app may be able to break out of its sandbox Yes No No CVE-2026-1837 AppleJPEG Processing a maliciously crafted image may lead to a denial-of-service Yes No No CVE-2026-28956 AppleJPEG Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory Yes Yes Yes CVE-2026-39869 Audio Processing an audio stream in a maliciously crafted media file may terminate the process Yes Yes Yes CVE-2026-28922 CoreMedia An app may be able to access private information Yes Yes Yes CVE-2026-28936 CoreServices Processing a maliciously crafted file may lead to unexpected app termination Yes No Yes CVE-2026-28918 CoreSymbolication Parsing a maliciously crafted file may lead to an unexpected app termination Yes No No CVE-2026-28878 Crash Reporter An app may be able to enumerate a user's installed apps No Yes No CVE-2026-28915 CUPS An app may be able to gain root privileges Yes Yes Yes CVE-2026-43659 FileProvider An app may be able to access sensitive user data Yes Yes Yes CVE-2026-28923 GPU Drivers A malicious app may be able to break out of its sandbox Yes Yes Yes CVE-2026-28925 HFS An app may be able to cause unexpected system termination or write kernel memory Yes Yes Yes CVE-2025-43524 Icons An app may be able to break out of its sandbox No Yes Yes CVE-2026-43661 ImageIO Processing a maliciously crafted image may corrupt process memory Yes No No CVE-2026-28977 ImageIO Processing a maliciously crafted file may lead to unexpected app termination Yes Yes Yes CVE-2026-28990 ImageIO Processing a maliciously crafted image may corrupt process memory Yes Yes Yes CVE-2026-28978 Installer A malicious app may be able to break out of its sandbox Yes Yes Yes CVE-2026-28992 IOHIDFamily An attacker may be able to cause unexpected app termination Yes Yes Yes CVE-2026-28943 IOHIDFamily An app may be able to determine kernel memory layout Yes Yes Yes CVE-2026-28969 IOKit An app may be able to cause unexpected system termination Yes Yes Yes CVE-2026-43655 IOSurfaceAccelerator An app may be able to cause unexpected system termination or read kernel memory Yes No No CVE-2026-43654 Kernel An app may be able to disclose kernel memory Yes Yes Yes CVE-2026-28908 Kernel An app may be able to modify protected parts of the file system Yes Yes Yes CVE-2026-28954 Kernel A maliciously crafted disk image may bypass Gatekeeper checks Yes Yes Yes CVE-2026-28897 Kernel A local user may be able to cause unexpected system termination or read kernel memory Yes Yes Yes CVE-2026-28952 Kernel An app may be able to cause unexpected system termination Yes Yes Yes CVE-2026-28951 Kernel An app may be able to gain root privileges Yes Yes Yes CVE-2026-28972 Kernel An app may be able to cause unexpected system termination or write kernel memory Yes Yes Yes CVE-2026-28986 Kernel An app may be able to cause unexpected system termination Yes Yes Yes CVE-2026-28987 Kernel An app may be able to leak sensitive kernel state Yes Yes Yes CVE-2026-28983 LaunchServices A remote attacker may be able to cause a denial of service Yes No No CVE-2026-28929 Mail Drafts Replying to an email could display remote images in Mail in Lockdown Mode Yes Yes Yes CVE-2026-43653 mDNSResponder An attacker on the local network may be able to cause a denial-of-service Yes No Yes CVE-2026-28985 mDNSResponder An attacker on the local network may be able to cause a denial-of-service Yes No No CVE-2026-43668 mDNSResponder A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Yes Yes Yes CVE-2026-43666 mDNSResponder An attacker on the local network may be able to cause a denial-of-service Yes Yes Yes CVE-2026-28941 Model I/O Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents Yes Yes No CVE-2026-28940 Model I/O Processing a maliciously crafted image may corrupt process memory Yes Yes No CVE-2026-28961 Network Extensions An attacker with physical access to a locked device may be able to view sensitive user information Yes No No CVE-2026-28906 Networking An attacker may be able to track users through their IP address Yes Yes Yes CVE-2026-28840 PackageKit An app may be able to gain root privileges No Yes Yes CVE-2026-43656 Quick Look Parsing a maliciously crafted file may lead to an unexpected app termination Yes Yes Yes CVE-2026-43652 Sandbox An app may be able to access protected user data Yes No No CVE-2026-39870 SceneKit Processing a maliciously crafted image may corrupt process memory Yes Yes Yes CVE-2026-28846 SceneKit A remote attacker may be able to cause unexpected app termination Yes Yes Yes CVE-2026-28993 Shortcuts An app may be able to access user-sensitive data Yes Yes Yes CVE-2026-28848 SMB A remote attacker may be able to cause unexpected system termination Yes Yes No CVE-2026-28930 Spotlight An app may be able to access protected user data Yes No No CVE-2026-28974 Spotlight An app may be able to cause a denial-of-service Yes Yes No CVE-2026-28996 Storage An app may be able to access sensitive user data Yes Yes Yes CVE-2026-28919 StorageKit An app may be able to gain root privileges Yes Yes Yes CVE-2026-28924 Sync Services An app may be able to access Contacts without user consent Yes Yes Yes CVE-2026-39871 TV App An app may be able to observe unprotected user data Yes Yes Yes CVE-2026-28976 UserAccountUpdater An app may be able to gain root privileges Yes No No CVE-2026-43660 WebKit Processing maliciously crafted web content may prevent Content Security Policy from being enforced Yes No No CVE-2026-28907 WebKit Processing maliciously crafted web content may prevent Content Security Policy from being enforced Yes No No CVE-2026-28962 WebKit Processing maliciously crafted web content may disclose sensitive user information Yes No No CVE-2026-43658 WebKit Processing maliciously crafted web content may lead to an unexpected Safari crash Yes No No CVE-2026-28905 WebKit Processing maliciously crafted web content may lead to an unexpected process crash Yes No No CVE-2026-28847 WebKit Processing maliciously crafted web content may lead to an unexpected process crash Yes No No CVE-2026-28904 WebKit Processing maliciously crafted web content may lead to an unexpected process crash Yes No No CVE-2026-28955 WebKit Processing maliciously crafted web content may lead to an unexpected process crash Yes No No CVE-2026-28903 WebKit Processing maliciously crafted web content may lead to an unexpected process crash Yes No No CVE-2026-28953 WebKit Processing maliciously crafted web content may lead to an unexpected process crash Yes No No CVE-2026-28902 WebKit Processing maliciously crafted web content may lead to an unexpected process crash Yes No No CVE-2026-28901 WebKit Processing maliciously crafted web content may lead to an unexpected process crash Yes No No CVE-2026-28913 WebKit Processing maliciously crafted web content may lead to an unexpected process crash Yes No No CVE-2026-28883 WebKit Processing maliciously crafted web content may lead to an unexpected process crash Yes No No CVE-2026-28958 WebKit An app may be able to access sensitive user data Yes No No CVE-2026-28917 WebKit Processing maliciously crafted web content may lead to an unexpected process crash Yes No No CVE-2026-28947 WebKit Processing maliciously crafted web content may lead to an unexpected Safari crash Yes No No CVE-2026-28946 WebKit Processing maliciously crafted web content may lead to an unexpected Safari crash Yes No No CVE-2026-28942 WebKit Processing maliciously crafted web content may lead to an unexpected Safari crash Yes No No CVE-2026-28971 WebKit A malicious iframe may use another website's download settings Yes No No CVE-2026-28944 WebRTC Processing maliciously crafted web content may lead to an unexpected process crash Yes No No CVE-2026-28819 Wi-Fi An app may be able to execute arbitrary code with kernel privileges Yes Yes Yes CVE-2026-28994 Wi-Fi An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Wi-Fi packets Yes Yes Yes CVE-2026-28914 zip A maliciously crafted ZIP archive may bypass Gatekeeper checks Yes No No CVE-2026-28920 zlib Visiting a maliciously crafted website may leak sensitive data Yes Yes Yes CVEs marked with the scarab logo were reported through the TrendAI Zero Day Initiative program.

We’ll continue these macOS updates if people find them useful. Stay tuned for the regularly schedule Patch Tuesday blog covering Adobe and Microsoft.

In this excerpt of a TrendAI Research Services vulnerability report, Richard Chen and Lucas Miller of the TrendAI Research team detail a recently patched double free vulnerability in the Windows Internet Key Exchange (IKE) service. This bug was originally discovered by WARP & MORSE team at Microsoft. Successful exploitation could result in a crash of the IKEEXT service, or potentially arbitrary code execution. The following is a portion of their write-up covering CVE-2026-33824, with a few minimal modifications.

A double free vulnerability has been reported in the Windows Internet Key Exchange (IKEv2) service. The vulnerability is due to an error when processing fragments.

An unauthenticated, remote attacker could exploit this vulnerability by sending crafted packets to the target server. Successful exploitation could result in a crash of the IKEEXT service, or potentially arbitrary code execution.

The Vulnerability

Microsoft Windows is an operating system which includes both server and desktop components along with an easy-to-use GUI. All currently supported versions of Windows include Internet Key Exchange Protocol Extensions to support the Virtual Private Network (VPN) feature.

The VPN feature of Windows encrypts communication between hosts. ISAKMP is a negotiation protocol used by IPsec-enabled hosts to build a security association. It uses the Internet Key Exchange (IKE) Protocol in order to negotiate keys for encrypted communication. IKE has two versions: IKEv1 and IKEv2. IKE version 1 (IKEv1) and version 2 (IKEv2) messages have the following general format:

The type of payload is determined by the Next Payload header of the previous payload, or the Next Payload field in the header (in the case of the first payload).

IKEv2 supports message fragmentation as defined in RFC 7383. When IKEv2 messages exceed the path MTU, they may be split into multiple Encrypted Fragment payloads. Of interest to this report is the Encrypted Fragment (SKF) payload (type 0x35). The SKF payload format is defined as:

When an IKEv2 implementation receives fragments, it inserts each fragment into an ordered list and reassembles them once all fragments have been received. In the Windows implementation, the function IkeReinjectReassembledPacket() performs this reassembly.

A double-free vulnerability has been reported in the Windows IKE Extension library (ikeext.dll). The vulnerability is due to improper ownership handling of a heap-allocated blob pointer during IKEv2 fragment reassembly. During the IKE_SA_INIT exchange, a Security Realm Vendor ID payload causes IkeHandleSecurityRealmVendorId() to allocate a blob and store it in the MMSA (Main Mode Security Association) structure at offset 0x208. When a fragmented IKE_AUTH message is fully reassembled, IkeReinjectReassembledPacket copies MMSA fields at offsets 0x178 through 0x21F - including the blob pointer at 0x208 - into a local stack struct. This struct is then passed to IkeQueueRecvRequest, which shallow-copies it into a heap-allocated work item. While IkeQueueRecvRequest deep-copies the reassembly buffer at offset 0x10 in the struct, the Security Realm blob pointer at offset 0xC8 remains a shallow copy, aliasing the original at MMSA+0x208.

When the thread pool processes the queued work item, IkeDestroyPacketContext checks the blob pointer at offset 0xC8 and calls WfpMemFree to release it (first free). The MMSA structure still holds the original pointer to the same allocation at offset 0x208. When the MMSA is subsequently cleaned up through IkeCleanupMMNegotiation, the SA reference count is decremented via IkeDerefMMSA, eventually triggering IkeFreeMMSA, which frees the blob pointer at MMSA offset 0x208 - the same allocation already freed by IkeDestroyPacketContext (second free).

A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted IKE_SA_INIT message followed by two or more Encrypted Fragment (SKF) payloads containing an invalid IKE_AUTH message to the target server. The fragment reassembly path will shallow-copy the blob pointers, and the subsequent MMSA cleanup will trigger the double free. Successful exploitation could result in arbitrary code execution under the security context of the IKEEXT service (SYSTEM).

Source Code Walkthrough

The following code snippets were taken from IKEEXT.DLL file version 10.0.20348.2849 and decompiled with IDA Pro version 8.3. Comments added by TrendAI have been highlighted.

Detection Guidance

To detect an attack exploiting this vulnerability, the detection device must monitor and parse traffic on UDP ports 500 and 4500. The IKE general format, Payloads field, and the Encrypted Fragment (SKF) payload format can be seen above.

The detection device should monitor all incoming IKE traffic. Detection requires correlating two packets within the same IKE session: an IKE_SA_INIT request carrying the Microsoft Security Realm Vendor ID, followed by a fragmented IKE_AUTH request. Neither packet alone is malicious; both must be observed in sequence from the same source.

IKE_SA_INIT

At byte offset 17 of the UDP payload, the device should check for the three-byte sequence 20 22 08, which corresponds to the IKEv2 version identifier (0x20), the IKE_SA_INIT exchange type (0x22), and the Initiator flag (0x08). The device should then scan the remainder of the packet for the 16-byte sequence 68 6a 8c bd fe 63 4b 40 51 46 fb 2b af 33 e9 e8, which is the Microsoft Security Realm Vendor ID. If both conditions are met, the device should follow the guidance below.

IKE_AUTH

For subsequent packets from the same source, the device should check bytes at offset 16 through 23 of the UDP payload. At offset 16, the four-byte sequence 35 20 23 08 identifies an Encrypted Fragment payload (SKF, type 0x35), IKEv2 version (0x20), IKE_AUTH exchange type (0x23), and Initiator flag (0x08). If found, the detection device should inspect offset 20 and search for the four-byte sequence00 00 00 01. If found the traffic should be considered malicious; an attack exploiting this vulnerability is likely underway.

Notes
• All multi-byte values should be treated as big endian.
• When detecting traffic on port 4500, IKE packets are prepended by a 4-byte non-ESP marker (\x00\x00\x00\x00), shifting all IKE header content offsets by 4.

Conclusion

This vulnerability was patched by Microsoft in the April 2026 release cycle. They do note two mitigations that could prevent exploitation while the patch is being tested and deployed. 

·      Block inbound traffic on UDP ports 500 and 4500 for systems that do not use IKE.

·      For systems that require IKE, configure firewall rules to allow inbound traffic on UDP ports 500 and 4500 only from known peer addresses.

These mitigations may be removed once the security patch is applied. The only way to fully remediate the vulnerability is to apply the update from the vendor.

Special thanks to Richard Chen and Lucas Miller of the TrendAI Research team for providing such a thorough analysis of this vulnerability. For an overview of TrendAI Research services please visit https://go.trendmicro.com/tis/vulnerabilities.html.

The threat research team will be back with other great vulnerability analysis reports in the future. Until then, follow the team on Twitter, Mastodon, LinkedIn, or Bluesky for the latest in exploit techniques and security patches.

It’s time once again for Patch Tuesday, and this one is huge. We’ve also got multiple exploits in the wild, which adds another layer of urgency to this month’s release. Take a break from your regularly scheduled activities, and let’s take a look at the latest security patches from Adobe and Microsoft. If you’d rather watch the full video recap covering the entire release, you can check it out here:

Adobe Patches for April 2026

For April, Adobe released 12 bulletins addressing 61 unique CVEs in Adobe Acrobat Reader, InDesign, InCopy, FrameMaker, Connect, ColdFusion, Bridge, Photoshop, Illustrator, Experience Manager Screens, and the Adobe DNG SDK. Three of the Cold Fusion bugs came through the TrendAI ZDI program. For this month, I’m introducing an Adobe table as well. I’d love to get your feedback on whether this is helpful.

Bulletin ID Product CVE Count Highest Severity Highest CVSS Exploited Deployment Priority APSB26-43 Adobe Acrobat Reader 1 Critical 8.6 Yes 1 APSB26-44 Adobe Acrobat Reader 2 Critical 8.6 No 2 APSB26-32 Adobe InDesign 9 Critical 7.8 No 3 APSB26-33 Adobe InCopy 2 Critical 7.8 No 3 APSB26-36 Adobe FrameMaker 11 Critical 8.6 No 3 APSB26-37 Adobe Connect 9 Critical 9.6 No 3 APSB26-38 Adobe ColdFusion 7 Critical 9.3 No 1 APSB26-39 Adobe Bridge 6 Critical 7.8 No 3 APSB26-40 Adobe Photoshop 1 Critical 7.8 No 3 APSB26-42 Adobe Illustrator 1 Critical 7.8 No 3 APSB26-34 Adobe Experience Manager Screens 9 Important 5.4 No 3 APSB26-41 Adobe DNG SDK 3 Important 5.5 No 3

Obviously, the active attack in Reader is the highest priority for this month, but don’t ignore the second bunch of Reader patches. Cold Fusion also gets a deployment priority of 1, so if you’re still running that platform, make sure you get the update. Otherwise, the FrameMaker and Connect patches fix 11 and nine bugs, respectively. InDesign and Experience Manager Screens also have nine CVEs addressed.

Outside of the Reader bug, none of the other bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release. One of the Reader bugs and Cold Fusion have a deployment priority of one, the other Reader bug has a priority of two, while all of the other updates released by Adobe this month are listed as deployment priority 3.

Microsoft Patches for April 2026

This month, Microsoft released a monstrous 163 new CVEs in Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, .NET and Visual Studio, SQL Server, Hyper-V Server, BitLocker, and the Windows Wallet Service. Counting the third-party and a huge Chromium release, it brings the total number of CVEs to a staggering 247 updates. Six of these bugs were reported through the TrendAI ZDI program. Eight of these bugs are rated Critical, two are rated as Moderate, and the rest are rated Important in severity.

By my count, this is the second-largest monthly release in Microsoft’s history. There are many things we could speculate on to justify the size, but if Microsoft is like the other programs out there (including ours), they are likely seeing a rise in submissions found by AI tools. For us, our incoming rate has essentially tripled, making triage a challenge, to say the least. Whatever the reason, we have a lot of bugs to deal with this month. I should also point out that the Pwn2Own Berlin occurs next month, and it’s typical for vendors to patch as much as they can before the event.

There is one Microsoft bug listed as under active attack at the time of release, and one other that’s publicly known. Let’s take a closer look at some of the more interesting updates for this month, starting with the vulnerability being exploited in the wild:

-    CVE-2026-32201 - Microsoft SharePoint Server Spoofing Vulnerability
Microsoft doesn’t provide a lot of information about this bug, but Spoofing bugs in SharePoint often manifest as cross-site scripting (XSS) bugs. They do note that attackers could view information or make changes to disclosed information. As always, they don’t provide any information on how widespread these attacks are, but I wouldn’t wait to test and deploy this fix – especially if you have internet-connected SharePoint servers.

-    CVE-2026-33825 - Microsoft Defender Elevation of Privilege Vulnerability
This bug is listed as publicly known, and this time, we know exactly where it was disclosed. There have been some questions about how exploitable this bug may be, but it does look like it’s a real problem – just with some reliability issues in its current state. I won’t add on to the commentary from the researcher about working with Microsoft. I’m just glad they are offering a fix for the vulnerability. If you rely on Defender, test and deploy this one quickly.

-   CVE-2026-33827 - Windows TCP/IP Remote Code Execution Vulnerability
This vulnerability allows remote, unauthenticated attackers to exploit code on affected systems without user interaction. That adds up to a wormable bug – at least on systems with IPv6 and IPSec enabled. It is a race condition, which sets exploitability to High on the CVSS scale, but we see race conditions exploited at Pwn2Own all the time, so don’t rely on that obstacle. If you’re running IPv6, I would test and deploy this fix quickly before public exploits become available.

-    CVE-2026-33824 - Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability
Speaking of wormable bugs, here’s our second one this month. By the title, we can tell that systems with IKE enabled are affected, but that leaves plenty of targets for attackers. Microsoft also notes a significant mitigation for this bug. Blocking UDP ports 500 and 4500 at the perimeter prevents external attackers from reaching the affected service. However, insiders could still target this for lateral movement within an enterprise. For enterprises using IKE, get this fix tested and deployed with haste.

Here’s the full list of CVEs released by Microsoft for April 2026:

April 2026 Patch Tuesday CVE Title Severity CVSS Public Exploited Type CVE-2026-32201 Microsoft SharePoint Server Spoofing Vulnerability Important 6.5 No Yes Spoofing CVE-2026-5281 * Chromium: CVE-2026-5281 Use after free in Dawn High N/A No Yes RCE CVE-2026-33825 Microsoft Defender Elevation of Privilege Vulnerability Important 7.8 Yes No EoP CVE-2026-23666 .NET Framework Denial of Service Vulnerability Critical 7.5 No No DoS CVE-2026-32190 Microsoft Office Remote Code Execution Vulnerability Critical 8.4 No No RCE CVE-2026-33114 Microsoft Word Remote Code Execution Vulnerability Critical 8.4 No No RCE CVE-2026-33115 Microsoft Word Remote Code Execution Vulnerability Critical 8.4 No No RCE CVE-2026-32157 Remote Desktop Client Remote Code Execution Vulnerability Critical 8.8 No No RCE CVE-2026-33826 Windows Active Directory Remote Code Execution Vulnerability Critical 8 No No RCE CVE-2026-33824 Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability Critical 9.8 No No RCE CVE-2026-33827 Windows TCP/IP Remote Code Execution Vulnerability Critical 8.1 No No RCE CVE-2026-26171 .NET Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-32226 .NET Framework Denial of Service Vulnerability Important 5.9 No No DoS CVE-2026-32178 .NET Spoofing Vulnerability Important 7.5 No No Spoofing CVE-2026-32203 .NET and Visual Studio Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-33116 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability Important 7.5 No No DoS CVE-2023-20585 * AMD: CVE-2023-20585 IOMMU Write Buffer Vulnerability Important 5.3 No No RCE CVE-2026-32072 Active Directory Spoofing Vulnerability Important 6.2 No No Spoofing CVE-2026-25184 Applocker Filter Driver (applockerfltr.sys) Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-32171 Azure Logic Apps Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-32168 Azure Monitor Agent Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-32192 Azure Monitor Agent Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-32181 Connected User Experiences and Telemetry Service Denial of Service Vulnerability Important 5.5 No No DoS CVE-2026-27924 Desktop Window Manager Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-32152 Desktop Window Manager Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-32154 Desktop Window Manager Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-27923 Desktop Window Manager Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-32155 Desktop Window Manager Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-23653 GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability Important 5.7 No No Info CVE-2026-23653 * GitHub: CVE-2026-32631 'git clone' from manipulated repositories can leak NTLM hashes Important 7.4 No No Info CVE-2026-33096 HTTP.sys Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-25250 * MITRE: CVE-2026-25250 Secure Boot disable Eazy Fix Important 6 No No SFB CVE-2026-26181 Microsoft Brokering File System Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-32219 Microsoft Brokering File System Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-32091 Microsoft Brokering File System Elevation of Privilege Vulnerability Important 8.4 No No EoP CVE-2026-26152 Microsoft Cryptographic Services Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-33103 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-32188 Microsoft Excel Information Disclosure Vulnerability Important 7.1 No No Info CVE-2026-32189 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-32197 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-32198 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-32199 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-32184 Microsoft High Performance Compute (HPC) Pack Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-26155 Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability Important 6.5 No No Info CVE-2026-27914 Microsoft Management Console Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-26149 Microsoft Power Apps Security Feature Bypass Important 9 No No SFB CVE-2026-32200 Microsoft PowerPoint Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-26143 Microsoft PowerShell Security Feature Bypass Vulnerability Important 7.8 No No SFB CVE-2026-33120 † Microsoft SQL Server Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2026-20945 Microsoft SharePoint Server Spoofing Vulnerability Important 4.6 No No Spoofing CVE-2026-33822 Microsoft Word Information Disclosure Vulnerability Important 6.1 No No Info CVE-2026-33095 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-23657 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-32081 Package Catalog Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-26170 PowerShell Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-26183 Remote Access Management service/API (RPC server) Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-26160 Remote Desktop Licensing Service Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-26159 Remote Desktop Licensing Service Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-26151 Remote Desktop Spoofing Vulnerability Important 7.1 No No Spoofing CVE-2026-32085 Remote Procedure Call Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-32167 SQL Server Elevation of Privilege Vulnerability Important 6.7 No No EoP CVE-2026-32176 SQL Server Elevation of Privilege Vulnerability Important 6.7 No No EoP CVE-2026-0390 UEFI Secure Boot Security Feature Bypass Vulnerability Important 6.7 No No SFB CVE-2026-32220 UEFI Secure Boot Security Feature Bypass Vulnerability Important 4.4 No No SFB CVE-2026-32212 Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-32214 Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-32079 Web Account Manager Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-33104 Win32k Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-32196 Windows Admin Center Spoofing Vulnerability Important 6.1 No No Spoofing CVE-2026-26178 Windows Advanced Rasterization Platform Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-32073 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-26168 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-26173 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-26177 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-26182 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-27922 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-33099 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-33100 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-32088 Windows Biometric Service Security Feature Bypass Vulnerability Important 6.1 No No SFB CVE-2026-27913 Windows BitLocker Security Feature Bypass Vulnerability Important 7.7 No No SFB CVE-2026-26175 Windows Boot Manager Security Feature Bypass Vulnerability Important 4.6 No No SFB CVE-2026-32162 Windows COM Elevation of Privilege Vulnerability Important 8.4 No No EoP CVE-2026-20806 Windows COM Server Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-26176 Windows Client Side Caching driver (csc.sys) Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-27926 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-32070 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-33098 Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-26153 Windows Encrypted File System (EFS) Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-32087 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-32093 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-32086 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-32150 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-27931 Windows GDI Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-27930 Windows GDI Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-32221 Windows Graphics Component Remote Code Execution Vulnerability Important 8.4 No No RCE CVE-2026-27906 Windows Hello Security Feature Bypass Vulnerability Important 4.4 No No SFB CVE-2026-27928 Windows Hello Security Feature Bypass Vulnerability Important 8.7 No No SFB CVE-2026-26156 Windows Hyper-V Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-32149 Windows Hyper-V Remote Code Execution Vulnerability Important 7.3 No No RCE CVE-2026-27910 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-27912 Windows Kerberos Elevation of Privilege Vulnerability Important 8 No No EoP CVE-2026-26179 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-26180 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-32195 Windows Kernel Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-26163 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-32215 Windows Kernel Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-32217 Windows Kernel Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-32218 Windows Kernel Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-26169 Windows Kernel Memory Information Disclosure Vulnerability Important 6.1 No No Info CVE-2026-27929 Windows LUA File Virtualization Filter Driver Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-32071 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-20930 Windows Management Services Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-26162 Windows OLE Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-33101 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-32084 Windows Print Spooler Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-27927 Windows Projected File System Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-26184 Windows Projected File System Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-32069 Windows Projected File System Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-32074 Windows Projected File System Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-32078 Windows Projected File System Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-26167 Windows Push Notifications Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-32158 Windows Push Notifications Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-32159 Windows Push Notifications Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-32160 Windows Push Notifications Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-26172 Windows Push Notifications Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-20928 Windows Recovery Environment Security Feature Bypass Vulnerability Important 4.6 No No SFB CVE-2026-32216 Windows Redirected Drive Buffering System Denial of Service Vulnerability Important 5.5 No No DoS CVE-2026-27909 Windows Search Service Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-26161 Windows Sensor Data Service Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-26174 Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-32224 Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-26154 Windows Server Update Service (WSUS) Tampering Vulnerability Important 7.5 No No Tampering CVE-2026-26165 Windows Shell Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-26166 Windows Shell Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-27918 Windows Shell Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-32151 Windows Shell Information Disclosure Vulnerability Important 6.5 No No Info CVE-2026-32225 Windows Shell Security Feature Bypass Vulnerability Important 8.8 No No SFB CVE-2026-32202 Windows Shell Spoofing Vulnerability Important 4.3 No No Spoofing CVE-2026-32082 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-32083 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-32068 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-32183 Windows Snipping Tool Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-32089 Windows Speech Brokered Api Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-32090 Windows Speech Brokered Api Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-32153 Windows Speech Runtime Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-27907 Windows Storage Spaces Controller Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-32076 Windows Storage Spaces Controller Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-27908 Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-27921 Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-27915 Windows UPnP Device Host Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-27919 Windows UPnP Device Host Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-32075 Windows UPnP Device Host Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-27916 Windows UPnP Device Host Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-27920 Windows UPnP Device Host Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-32077 Windows UPnP Device Host Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-27925 Windows UPnP Device Host Information Disclosure Vulnerability Important 6.5 No No Info CVE-2026-32156 Windows UPnP Device Host Remote Code Execution Vulnerability Important 7.4 No No RCE CVE-2026-32223 Windows USB Printing Stack (usbprint.sys) Elevation of Privilege Vulnerability Important 6.8 No No EoP CVE-2026-32165 Windows User Interface Core Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-27911 Windows User Interface Core Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-32163 Windows User Interface Core Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-32164 Windows User Interface Core Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-23670 Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability Important 5.7 No No SFB CVE-2026-27917 Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-32080 Windows WalletService Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-32222 Windows Win32k Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-21637 * HackerOne: CVE-2026-21637 TLS PSK/ALPN Callback Exceptions Bypass Error Handlers Moderate 7.5 No No SFB CVE-2026-33119 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability Moderate 5.4 No No Spoofing CVE-2026-33829 Windows Snipping Tool Spoofing Vulnerability Moderate 4.3 No No Spoofing CVE-2026-5858 * Chromium: CVE-2026-5858 Heap buffer overflow in WebML Critical N/A No No RCE CVE-2026-5859 * Chromium: CVE-2026-5859 Integer overflow in WebML Critical N/A No No RCE CVE-2026-5272 * Chromium: CVE-2026-5272 Heap buffer overflow in GPU High N/A No No RCE CVE-2026-5273 * Chromium: CVE-2026-5273 Use after free in CSS High N/A No No RCE CVE-2026-5274 * Chromium: CVE-2026-5274 Integer overflow in Codecs High N/A No No RCE CVE-2026-5275 * Chromium: CVE-2026-5275 Heap buffer overflow in ANGLE High N/A No No RCE CVE-2026-5276 * Chromium: CVE-2026-5276 Insufficient policy enforcement in WebUSB High N/A No No SFB CVE-2026-5277 * Chromium: CVE-2026-5277 Integer overflow in ANGLE High N/A No No RCE CVE-2026-5279 * Chromium: CVE-2026-5279 Object corruption in V8 High N/A No No RCE CVE-2026-5280 * Chromium: CVE-2026-5280 Use after free in WebCodecs High N/A No No RCE CVE-2026-5283 * Chromium: CVE-2026-5283 Inappropriate implementation in ANGLE High N/A No No SFB CVE-2026-5284 * Chromium: CVE-2026-5284 Use after free in Dawn High N/A No No RCE CVE-2026-5285 * Chromium: CVE-2026-5285 Use after free in WebGL High N/A No No RCE CVE-2026-5286 * Chromium: CVE-2026-5286 Use after free in Dawn High N/A No No RCE CVE-2026-5287 * Chromium: CVE-2026-5287 Use after free in PDF High N/A No No RCE CVE-2026-5289 * Chromium: CVE-2026-5289 Use after free in Navigation High N/A No No RCE CVE-2026-5290 * Chromium: CVE-2026-5290 Use after free in Compositing High N/A No No RCE CVE-2026-5860 * Chromium: CVE-2026-5860 Use after free in WebRTC High N/A No No RCE CVE-2026-5861 * Chromium: CVE-2026-5861 Use after free in V8 High N/A No No RCE CVE-2026-5862 * Chromium: CVE-2026-5862 Inappropriate implementation in V8 High N/A No No SFB CVE-2026-5863 * Chromium: CVE-2026-5863 Inappropriate implementation in V8 High N/A No No SFB CVE-2026-5864 * Chromium: CVE-2026-5864 Heap buffer overflow in WebAudio High N/A No No RCE CVE-2026-5865 * Chromium: CVE-2026-5865 Type Confusion in V8 High N/A No No RCE CVE-2026-5866 * Chromium: CVE-2026-5866 Use after free in Media High N/A No No RCE CVE-2026-5867 * Chromium: CVE-2026-5867 Heap buffer overflow in WebML High N/A No No RCE CVE-2026-5868 * Chromium: CVE-2026-5868 Heap buffer overflow in ANGLE High N/A No No RCE CVE-2026-5869 * Chromium: CVE-2026-5869 Heap buffer overflow in WebML High N/A No No RCE CVE-2026-5870 * Chromium: CVE-2026-5870 Integer overflow in Skia High N/A No No RCE CVE-2026-5871 * Chromium: CVE-2026-5871 Type Confusion in V8 High N/A No No RCE CVE-2026-5872 * Chromium: CVE-2026-5872 Use after free in Blink High N/A No No RCE CVE-2026-5873 * Chromium: CVE-2026-5873 Out of bounds read and write in V8 High N/A No No RCE CVE-2026-5291 * Chromium: CVE-2026-5291 Inappropriate implementation in WebGL Medium N/A No No SFB CVE-2026-5292 * Chromium: CVE-2026-5292 Out of bounds read in WebCodecs Medium N/A No No Info CVE-2026-5874 * Chromium: CVE-2026-5874 Use after free in PrivateAI Medium N/A No No RCE CVE-2026-5875 * Chromium: CVE-2026-5875 Policy bypass in Blink Medium N/A No No SFB CVE-2026-5876 * Chromium: CVE-2026-5876 Side-channel information leakage in Navigation Medium N/A No No Info CVE-2026-5877 * Chromium: CVE-2026-5877 Use after free in Navigation Medium N/A No No RCE CVE-2026-5878 * Chromium: CVE-2026-5878 Incorrect security UI in Blink Medium N/A No No Spoofing CVE-2026-5879 * Chromium: CVE-2026-5879 Insufficient validation of untrusted input in ANGLE Medium N/A No No SFB CVE-2026-5880 * Chromium: CVE-2026-5880 Incorrect security UI in browser UI Medium N/A No No Spoofing CVE-2026-5881 * Chromium: CVE-2026-5881 Policy bypass in LocalNetworkAccess Medium N/A No No SFB CVE-2026-5882 * Chromium: CVE-2026-5882 Incorrect security UI in Fullscreen Medium N/A No No Spoofing CVE-2026-5883 * Chromium: CVE-2026-5883 Use after free in Media Medium N/A No No RCE CVE-2026-5884 * Chromium: CVE-2026-5884 Insufficient validation of untrusted input in Media Medium N/A No No SFB CVE-2026-5885 * Chromium: CVE-2026-5885 Insufficient validation of untrusted input in WebML Medium N/A No No SFB CVE-2026-5886 * Chromium: CVE-2026-5886 Out of bounds read in WebAudio Medium N/A No No Info CVE-2026-5887 * Chromium: CVE-2026-5887 Insufficient validation of untrusted input in Downloads Medium N/A No No SFB CVE-2026-5888 * Chromium: CVE-2026-5888 Uninitialized Use in WebCodecs Medium N/A No No RCE CVE-2026-5889 * Chromium: CVE-2026-5889 Cryptographic Flaw in PDFium Medium N/A No No SFB CVE-2026-5890 * Chromium: CVE-2026-5890 Race in WebCodecs Medium N/A No No RCE CVE-2026-5891 * Chromium: CVE-2026-5891 Insufficient policy enforcement in browser UI Medium N/A No No SFB CVE-2026-5892 * Chromium: CVE-2026-5892 Insufficient policy enforcement in PWAs Medium N/A No No SFB CVE-2026-5893 * Chromium: CVE-2026-5893 Race in V8 Medium N/A No No RCE CVE-2026-5894 * Chromium: CVE-2026-5894 Inappropriate implementation in PDF Low N/A No No SFB CVE-2026-5895 * Chromium: CVE-2026-5895 Incorrect security UI in Omnibox Low N/A No No Spoofing CVE-2026-5896 * Chromium: CVE-2026-5896 Policy bypass in Audio Low N/A No No SFB CVE-2026-5897 * Chromium: CVE-2026-5897 Incorrect security UI in Downloads Low N/A No No Spoofing CVE-2026-5898 * Chromium: CVE-2026-5898 Incorrect security UI in Omnibox Low N/A No No Spoofing CVE-2026-5899 * Chromium: CVE-2026-5899 Incorrect security UI in History Navigation Low N/A No No Spoofing CVE-2026-5900 * Chromium: CVE-2026-5900 Policy bypass in Downloads Low N/A No No SFB CVE-2026-5901 * Chromium: CVE-2026-5901 Policy bypass in DevTools Low N/A No No SFB CVE-2026-5902 * Chromium: CVE-2026-5902 Race in Media Low N/A No No RCE CVE-2026-5903 * Chromium: CVE-2026-5903 Policy bypass in IFrameSandbox Low N/A No No SFB CVE-2026-5904 * Chromium: CVE-2026-5904 Use after free in V8 Low N/A No No RCE CVE-2026-5905 * Chromium: CVE-2026-5905 Incorrect security UI in Permissions Low N/A No No Spoofing CVE-2026-5906 * Chromium: CVE-2026-5906 Incorrect security UI in Omnibox Low N/A No No Spoofing CVE-2026-5907 * Chromium: CVE-2026-5907 Insufficient data validation in Media Low N/A No No SFB CVE-2026-5908 * Chromium: CVE-2026-5908 Integer overflow in Media Low N/A No No RCE CVE-2026-5909 * Chromium: CVE-2026-5909 Integer overflow in Media Low N/A No No RCE CVE-2026-5910 * Chromium: CVE-2026-5910 Integer overflow in Media Low N/A No No RCE CVE-2026-5911 * Chromium: CVE-2026-5911 Policy bypass in ServiceWorkers Low N/A No No SFB CVE-2026-5912 * Chromium: CVE-2026-5912 Integer overflow in WebRTC Low N/A No No RCE CVE-2026-5913 * Chromium: CVE-2026-5913 Out of bounds read in Blink Low N/A No No Info CVE-2026-5914 * Chromium: CVE-2026-5914 Type Confusion in CSS Low N/A No No RCE CVE-2026-5915 * Chromium: CVE-2026-5915 Insufficient validation of untrusted input in WebML Low N/A No No SFB CVE-2026-5918 * Chromium: CVE-2026-5918 Inappropriate implementation in Navigation Low N/A No No SFB CVE-2026-5919 * Chromium: CVE-2026-5919 Insufficient validation of untrusted input in WebSockets Low N/A No No SFB CVE-2026-33118 Microsoft Edge (Chromium-based) Spoofing Vulnerability Low 4.3 No No Spoofing

* Indicates this CVE had been released by a third party and is now being included in Microsoft releases.

† Indicates further administrative actions are required to fully address the vulnerability.

 

Looking at the other Critical-rated bugs in this month’s release, there are three Office-related bugs where the Preview Pane is once again listed as an exploit vector. I would still like to have a full-proof way of disabling the Preview Pane, but I don’t see that as an option. There’s a bug in the RDP client, but that involves connecting to a malicious RDP server. The bug in Active Directory requires authentication and a network adjacent attacker. The final Critical-rated bug is an interesting DoS in .NET Framework. An unauthenticated attacker could deny service over a network – presumably crippling any affected app made in .NET. You rarely see Critical-rated DoS bugs, but this one deserves the moniker.

Moving on to the other code execution bugs, you have quite a few open-and-own bugs in Office components, most notably Excel, where the Preview Pane is not an attack vector. The bug in SQL Server requires authentication, and as usual, additional steps are needed to ensure you have the correct update to remediate this vulnerability. The two bugs in Hyper-V almost reads like a privilege escalation since it allows unauthorized attackers to execute code locally. That’s the same for the bugs in the Windows Snipping Tool and the UPnP Device host.

More than half of this release addresses Elevation of Privilege (EoP) bugs. However, most simply lead to local attackers executing their code at SYSTEM-level privileges or administrative privileges, so there’s not much to add without further technical details about the bugs themselves. The bugs in SQL Server could allow an attacker to gain SQL sysadmin privileges. One of the kernel bugs simply states an attacker could “elevate privileges locally”. How obtuse. That’s similar for the bug in afd.sys and Desktop Windows Manager, but Microsoft also states that these bugs could crash an affected system. There are several bugs that result in a sandbox escape, including Windows Push Notifications, AFD for Winsock, Management Services, and User Interface Core. Of these, CVE-2026-26167 (Push Notifications) is the most notable — it's the only one with low attack complexity, meaning no race condition needed. The rest all require winning a race condition (AC:H). The bugs in UPnP are interesting as they allow attackers to gain access to a limited set of administrator-protected objects. Not a full escalation but definitely getting access to resources they shouldn’t. The vulnerability in the Brokering File System allows attackers to gain the level of the logged on user, so don’t do your normal activities as a user with admin privileges. The bug in Azure Monitor Agent leads to root-level access.

There are a dozen different security features bypass bugs in the April release. Some of these are obvious by the title alone. For example, the bugs in Windows Hello bypass safety features within the Hello app itself. The bug in the Biometric Service allows attackers to bypass biometric protections. The vulns in BitLocker and Secure Boot bypass protections in those components. The bug in Power Apps allows attackers to bypass a security warning dialog and trick targets into triggering an external protocol call that performs unintended actions on the user’s device. The bug in Windows Shell allows attackers to bypass Mark of the Web (MotW) protections. The bug in PowerShell could almost be described as a code execution bug as exploiting it bypasses dynamic-expression security checks, which could result in code execution. The vulnerability in the Windows Recovery Environment allows local attackers to bypass BitLocker device encryption. Finally, the bug in Virtualization‑Based Security (VBS) is the most interesting of the bunch – and not just because VBS is a (relatively) new feature. The problem allows attackers to manipulate allow a compromised Windows kernel to modify memory belonging to the secure kernel, breaking the intended isolation guarantees provided by VBS. Somewhat of a sandbox escape, but this time, you’re escaping from Virtual Trust Level 0 (VTL0) to Virtual Trust Level 1 (VTL1). Neat.

Moving on to the Information Disclosure bugs fixed this month, we have 20 different CVEs. Fortunately, most of these simply result in info leaks consisting of unspecified memory contents or memory addresses. While useful in crafting exploits, they aren’t exactly exciting on their own. There are also several bugs that disclose addresses from an object a contained in a sandboxed execution environment. This includes bugs in the Print Spooler, Package Catalog, and Web Account Manager. The bug in Dynamics 365 discloses the ever ineffable “sensitive information”. There are three different info disclosure bugs in UPnP. Two allow an attacker to read from the file system, while the third discloses anything available to the LOCAL SERVICE account. The final info disclosure bug resides in Copilot and Visual Studio and allows attackers to disclose the contents of the Model Context Protocol (MCP) when using Copilot. There are those who think MCP is dead (thanks to agentic AI agents), but if you’re using a custom MCP, I doubt you would want it leaked.

The April release contains just a handful of Spoofing bugs. Some, like the bugs in .NET, Active Directory, and Windows Shell, just say that they allow spoofing over a network. Others, like the bug in Windows Snipping Tool, say similar but also note that it could be used to relay NTLMv2 hashes. The patch for RDP notes that there are new warning dialogs coming this month. The bug in the Windows Admin Center would allow an attacker to interact with other tenant’s applications and content. Finally, the spoofing bug in SharePoint is another XSS issue.

There are eight DoS bugs in the April release, but as always, Microsoft provides no actionable information about the vulnerabilities. Microsoft does offer a mitigation for the http.sys bug that can be applied while you test and deploy the patch, but I would rely on the patch rather than the mitigation. Another exception is the bug for Connected User Experiences and Telemetry Service, which allows attackers to deny service locally rather than over the network.

The final(!) bug in the April release is a Tampering bug in WSUS that reads like a DoS. According to Microsoft, “An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS).” But sure – let’s call it Tampering.

No new advisories are being released this month.

Looking Ahead

I will be in Berlin for the next Patch Tuesday, which will be May 12, and I’ll provide my full thoughts then on what will hopefully be a smaller release than this one. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!

In September of 2024, ZDI received a vulnerability submission from an anonymous researcher affecting npm CLI that revealed a fundamental design issue in Node.js. This blog details how it continues to expose applications to local privilege escalation (LPE) attacks on Windows systems, including the Discord desktop app (CVE-2026-0776 0-Day), which remains unpatched and vulnerable.

The issue is straightforward: when Node.js resolves modules, the runtime searches for packages in C:\node_modules as part of its default behavior. Since low-privileged Windows users can create this directory and plant malicious modules there, any Node.js application with missing or optional dependencies becomes vulnerable to privilege escalation.

This issue is not new. Concerned discussions about Node.js's module search path behavior date back to 2013 and 2014.

Node.js has explicitly stated that they consider this behavior intentional:

"Node.js trusts the file system."

They do not treat CWE-427 (Uncontrolled Search Path Element) as a vulnerability, pushing responsibility onto application developers.

Figure 1: The vendor’s security policy stance on CWE-427 as a non-issue

As the case studies below demonstrate, this stance has dangerous consequences. Developers are largely unaware of this attack surface, and the result is a proliferation of exploitable applications. We will show examples in npm CLI and Discord, but there are likely many more applications that are impacted by this.

Root Cause

The root cause lies in the way Node.js performs module resolution. This is documented here. Although UNIX paths are used in the documentation provided by Node.js, the same logic is applied on Windows.

When a Node.js application calls require(‘bar’), the runtime searches for the module in the following order:

1. C:\Users\Administrator\projects\node_modules\bar.js
2. C:\Users\Administrator\node_modules\bar.js
3. C:\Users\node_modules\bar.js
4. C:\node_modules\bar.js <-- The problem

If the legitimate package is missing, whether due to optional dependencies, development packages removed in production, or installation failures, the resolution search will eventually reach the root of the drive. Any user can create C:\node_modules and place a malicious package there. Once the low-privileged user has populated C:\node_modules\bar.js, Node.js will load and execute it in the context of the current user. In the following case studies, we will provide evidence of how, despite properly following NPM’s guidelines, third-party dependencies end up triggering this vulnerability anytime you launch the application.

Case Studies: Real-World Manifestations

The Optional Dependency Pattern: npm supports optional dependencies to be specified in the project’s package.json file. The recommended pattern for checking for these dependencies is as follows:

Figure 2: npm Docs showing optionalDependencies example code

This pattern silently catches errors when optional packages are missing, allowing execution to continue. So what’s the problem? On Windows, Node.js will search all the way up to C:\node_modules where an attacker may have planted a malicious replacement. This search behavior mirrors UNIX conventions where /node_modules at the filesystem root is typically only writable by root. Windows systems by default allow any user to create C:\node_modules. Once require is called, Node.js will traverse the search path and execute any matching module it finds.

Important things to note:

1. This pattern can be found in third party libraries deep in a dependency tree, as we will see in the following examples.
2. There is no runtime indication to either the developers or the end users that such a vulnerability exists without looking at the filesystem logs with Procmon.
3. The optional dependency pattern itself would not be dangerous if Node.js did not search for packages in C:\node_modules.

Let’s take a deeper look at both cases and see why this is so dangerous.

Case 1: npm CLI (ZDI-26-043 / ZDI-CAN-25430 / CVE-2026-0775).

Prior to version 11.2.0, npm CLI used a library called “promise-inflight”, which contained an optional dependency on a package called “bluebird”.

Figure 3: npm CLI repo snippet showing require call for missing bluebird package dependency

When Node.js is installed on the system, npm is included by default without the bluebird package. This vulnerability was introduced when bluebird was removed through a well-intentioned pull request (https://github.com/npm/cli/pull/1438/changes), demonstrating how easy it is for developers to unknowingly create this attack surface.

We can see Node’s package resolution logic at work in the screenshot below:

Figure 4: Procmon log showing the package resolution behavior of Node.js via CVE-2026-0775

First, the application looks for the bluebird.js package in the Node.js installation directory. Node.js sequentially searches back to the system root until it finds the package. If an attacker has placed C:\node_modules\bluebird.js, the require call will find, read, and execute the malicious payload in the context of any user running npm on the system.

This vulnerability is especially dangerous because it is triggered when many npm * cli commands are used. Common development commands such as npm install, npm –l, and npm prune will all execute the malicious bluebird.jspackage.

Case 2: Discord (ZDI-26-040/ ZDI-CAN-27057 / CVE-2026-0776/ UNPATCHED)

On April 22, 2025, ZDI received a report for a similar vulnerability in Discord reported by T. Doğa Gelişli. Discord uses the ws WebSocket library, which contains an optional dependency on utf-8-validate for compatibility with older Node.js versions:

Figure 5: websockets library repo snippet showing require call for missing utf-8-validate package dependency

Discord does not ship with the utf-8-validate package. As a result, the following Procmon logs show the same behavior as Case 1. Anytime Discord is launched, the attacker controlled C:\node_modules\utf-8-validate.js is executed.

Figure 6: Procmon log showing the package resolution behavior of Node.js via CVE-2026-0776

The ws library does support disabling this check via the WS_NO_UTF_8_VALIDATE environment variable, but this requires the consuming application (Discord) to set it explicitly. Here’s a quick video demonstrating the bug by popping the calc app when opening Discord:

Discord automatically opens on login by default, so in practice code execution happens immediately without any user interaction. Strangely, the Discord Security team made it clear to us in their responses that they do not consider local attack vectors as valid security issues.

The Bigger Picture

The cases above represent only a few of the applications affected by this pattern. During our investigation we found many other independent reports.  These issues in Mongo DB Compass and Mongo DB Shell are just two other examples.

Every Windows application built on Node.js with missing or optional dependencies is potentially vulnerable. This includes desktop applications that utilize Electron as well as popular web frameworks such as Next.js and React.

Each vendor has clearly stated that they will not treat these issues as vulnerabilities:

NPM’s response to our report:

“exploits that require local access to a machine are considered ineligible for npm CLI

Discord’s response to our report:

“We do not consider physical/local attacks as valid security issues”

Node.js, in the “Examples of non-vulnerabilities” section of their Security Policy:

“Node.js trusts the file system in the environment accessible to it. Therefore, it is not a vulnerability if it accesses/loads files from any path that is accessible to it.”

Conclusion

The vulnerability pattern described in this blog stems from a deliberate design decision by Node.js maintainers. While Node.js's position that “applications should trust their filesystem” may hold true on properly administered UNIX systems, it creates a systemic vulnerability on Windows where low-privileged users can write to C:\node_modules. Without a fix from Node.js, the burden silently falls on application developers.

Making matters worse, the vulnerable code may not live in the application code itself. The optional dependencies that trigger this behavior could come from third-party libraries buried in the dependency tree as we saw with both Discord and npm CLI.

We encourage security researchers to further review this issue and investigate other applications for this dangerous behavior. You can find us online at @bobbygould5 and @izobashi, and follow the team on Twitter, Mastodon, LinkedIn, or Bluesky for the latest in exploit techniques and security patches.

 

DISCLOSURE TIMELINES

 

NPM CLI:

2024-11-13 – ZDI submitted the report to the vendor

2024-11-13 – The vendor acknowledged the receipt of the report

2024-11-13 – The vendor communicated that the reported behavior was by design and they do not consider local attacks as valid security issues

2025-08-05 – ZDI encouraged the vendor to re-assess the issue

2025-12-18 – ZDI notified the vendor of the intention to publish the case as a 0-day advisory

 

DISCORD:

2025-07-08 – ZDI notified vendor

2025-09-11 – ZDI followed up with vendor

2025-09-15 – Vendor stated they do not consider local attacks as valid security issues

2025-12-01 – ZDI explained why we believe the issue is still valid

2025-12-10 – Vendor replied that the vulnerability is still out of scope 

2025-12-11 – ZDI informed vendor of intent to publish 0-day 

  

REFERENCES

https://nodejs.org/api/modules.html#loading-from-node_modules-folders

https://docs.npmjs.com/cli/v10/configuring-npm/package-json#optionaldependencies

https://groups.google.com/g/nodejs/c/5BGr5dliUIk/m/abJEH3sPymcJ?pli=1

https://github.com/nodejs/node-v0.x-archive/issues/8830

https://bounty.github.com/ineligible.html#vulnerability_in_upstream_dependencies:~:text=eligible%20for%20rewards.-,Local%20access,-Vulnerabilities%20which%20require

https://github.com/nodejs/node/security/policy#examples-of-non-vulnerabilities

If you just want to read the contest rules, click here.

 

Willkommen zurück, meine Damen und Herren, zu unserem zweiten Wettbewerb in Berlin! That’s correct (if Google translate didn’t steer me wrong). After our inaugural competition last year, Pwn2Own returns to Berlin and OffensiveCon. Outside of our shipping troubles, we had an amazing time and can’t wait to get back.

Last year, we added Artificial Intelligence as a category with great results. This year, we’re expanding this and splitting it into multiple different categories: AI Databases, Coding Agents, Local Inferences, and a separate category for NVIDIA products. In last year’s contest, NVIDIA targets had wins, losses, and collisions, so it will be interesting to see how they fare this year. The folks from AWS wanted to get into the fray as well, so they stepped up to co-sponsor this year’s event, which allows us to increase the reward for bugs in Firecracker. Of course, we have all of the returning categories as well, including web browsers, containers, servers, virtualization, and operating systems. There’s more than $1,000,000 in cash and prizes available for contestants. Last year, we awarded $1,078,750 for 28 unique 0-days over the three-day event. We’ll see if we can eclipse those numbers in 2026.

The contest begins on May 14, but registration closes on May 7, so don’t delay in getting those submissions in. We’re hoping for maximum participation, so set aside your vibe coding and show us what you can really do. We’re looking forward to some cutting-edge exploitation on display. For 2026, we have a total of 31 targets across 10 categories. Here is a full list of the categories for this year’s event:  

-- Virtualization
-- Web Browser
-- Enterprise Applications
-- Servers
-- Local Escalation of Privilege
-- Containers
-- AI Database
-- Coding Agents
-- Local Inference
-- NVIDIA

Of course, no Pwn2Own competition would be complete without us crowning a Master of Pwn (Meister von Pwn?). Since the order of the contest is decided by a random draw, contestants with an unlucky draw could still demonstrate fantastic research but receive less money since subsequent rounds go down in value. However, the points awarded for each unique, successful entry do not go down. Someone could have a bad draw and still accumulate the most points. The person or team with the most points at the end of the contest will be crowned Master of Pwn, receive 65,000 ZDI reward points (enough for Platinum status), a killer trophy, and a pretty snazzy jacket to boot.

Let's look at the details of the rules for this year's event.

Virtualization Category

Some of the highlights for each contest can be found in the Virtualization Category, and we’re thrilled to see what this year’s event could bring with it. As usual, VMware is the main highlight of this category as we’ll have VMware ESXi return with an award of $150,000. Last year produced the first ESXi exploits in Pwn2Own history, so it will be interesting to see if we get more. Microsoft also returns as a target and leads the virtualization category with a $250,000 award for a successful Hyper-V Client guest-to-host escalation. Kernel-based Virtual Machine (KVM) is our final target in this category with a prize of $50,000.

There’s an add-on bonus in this category as well. If a contestant can escape the guest OS, then gain arbitrary code execution on the virtualization target and obtain arbitrary code execution in the guest operating system on a separate virtual machine managed by the same targeted virtualization target, they’ll earn another $50,000. That could push the payout on a ESXi bug to $200,000. This bonus is for KVM and ESXi only. Here’s a detailed look at the targets and available payouts in the Virtualization category:

Back to top

Web Browser Category

While browsers are the “traditional” Pwn2Own target, we’re continuously tweaking the targets in this category to ensure they remain relevant. We re-introduced renderer-only exploits a couple of years ago, and this year, we’ve increased the award to $75,000. In fact, we’ve increased the awards across the board for this category. Here’s a detailed look at the targets and available payouts:

Back to top

Enterprise Applications Category

Enterprise applications return as targets with Adobe Reader and various Office components on the target list once again. Attempts in this category must be launched from the target under test. For example, launching the target under test from the command line is not allowed. Prizes in this category run from $50,000 for a Reader exploit with a sandbox escape or a Reader exploit with a kernel privilege escalation, and $150,000 for an Office 365 application. Word, Excel, and PowerPoint are all valid targets. Microsoft Office-based targets will have Protected View enabled where applicable. Adobe Reader will have Protected Mode enabled where applicable.

This year, we’re adding a bonus for Copilot data exfiltration and Copilot action execution. Microsoft just patched a bug like this in Excel, so we know they are out there. If you’re able to exploit Copilot in addition to a Microsoft application, you’ll earn an additional $50,000. There are quite a few rules and scenarios around this add-on, so be sure to read the rules carefully and contact us with questions. Here’s a detailed view of the targets and payouts in the Enterprise Application category:

Back to top

The Server Category

The Server Category for 2026 focuses solely on the server components we’re most interested in. These servers are often targeted by everyone from ransomware crews to nation/state actors, so we know there are exploits out there for them. The only question is whether we’ll see any of the competitors bring one of those exploits to Pwn2Own. Last year, the bugs demonstrated in SharePoint ended up being exploited in the wild, so we know people are looking for these with great interest. Microsoft Exchange has been a popular target for some time, and it returns as a target this year as well, with a payout of $200,000. This category is rounded out by Microsoft Windows RDP/RDS, which also has a payout of $200,000. Here’s a detailed look at the targets and payouts in the Server category:

Back to top

Local Escalation of Privilege Category

This category is a classic for Pwn2Own and focuses on attacks that originate from a standard user and result in executing code as a high-privileged user. A successful entry in this category must leverage a kernel vulnerability to escalate privileges. Red Hat Enterprise Linux for Workstations returns as our Linux-based target, while Apple macOS, and Microsoft Windows 11 return as targets in this category. Prior exploits in this category have won Pwnie awards, so they’re always interesting to see. Here’s a detailed look at the targets and payouts in this category:

Back to top

The Container Category

We’re excited to have this category return for its third season, and we’re hopeful that even more contestants will target one of these container targets. For an attempt to be ruled a success against these three, the exploit must be launched from within the guest container/microVM and execute arbitrary code on the host operating system. Again, with help from AWS, Firecracker returns as a target with a prize of $100,000. Here are the targets and payouts for this category:

Back to top

AI Database Category

In the past, AI Hackathons have focused on using AI to develop vulnerabilities or other offensive frameworks. We’re opening up the models and various components themselves for exploitation. The first AI sub-category focuses on databases. An attempt in this category must be launched from the contestant’s laptop. Here’s a look at the targets and awards in the AI Database category:

Back to top

The Coding Agent Category

Let’s face it. At some point or another, we’ve probably all vibe coded something. There’s no shame in that, but how secure are the tools we use for vibe coding? Well, let’s take the most popular choices and find out. A successful entry must interact with a contestant-controlled resource (e.g. web page, repository, media file) to exploit a vulnerability within the coding agent. The attack vector of the entry must be a common coding agent use case. There are few things out of scope here as well. UI spoofing or misrepresentation unrelated to permission prompts, model jailbreaks or prompt outputs that do not cross security boundaries, and vulnerabilities that require unsafe or permission-less modes are just a few of the things not allowed. As this is a new category, please read the rules carefully to ensure your entry qualifies. Here’s a look at the targets and awards in the AI Coding Agent category:

Back to top

The Local Inference Category

We couldn’t leave local inference and LLMs out of Pwn2Own. These products claim to provide enhanced data privacy, zero-cost inference, lower latency, and fully offline functionality. We’ll see how the security stacks up. An attempt in this category must be launched from the contestant’s laptop within the contest network. Here are the targets and payouts for the Local Inference category:

Back to top

The NVIDIA Category

Our last AI sub-category focuses solely on NVIDIA products. For network accessible targets, an attempt must be launched from the contestant's laptop within the contest network. For NV Container Toolkit, the attempt must be launched from within a crafted container image and execute arbitrary code on the host operating system. For Megatron Bridge, entries that leverage vulnerabilities pertaining to pickle deserialization or that leverage a vulnerability when “trust_remote_code=true” are out of scope. Here are the targets and payouts for the NVIDIA category:

Back to top

Conclusion

The complete rules for Pwn2Own Berlin 2026 are found here. As always, we highly encourage entrants to read the rules thoroughly if they choose to participate. If you are thinking about participating but have specific configuration or rule-related questions, email us. Questions asked over X (nee Twitter), BlueSky, or other means will not be answered. Registration is required to ensure we have sufficient resources on hand at the event. Please contact ZDI at [email protected] to begin the registration process. Registration for onsite participation closes at 5 p.m. Central European Time on May 7, 2026.

Be sure to stay tuned to this blog and follow us on Twitter, Mastodon, LinkedIn, or Bluesky for the latest information and updates about the contest. We look forward to seeing everyone in Germany, and we hope to see some of the best in the world show what they can do – vibe coded or not.

With special thanks to our Pwn2Own Berlin 2026 partners AWS, for providing their expertise and technology.

© 2026 Trend Micro Incorporated. All rights reserved. PWN2OWN, ZERO DAY INITIATIVE, ZDI, ZERO DAY INITIATIVE, TrendAI, and Trend Micro are trademarks or registered trademarks of Trend Micro Incorporated. All other trademarks and trade names are the property of their respective owners.

I am back in the friendly confines of the Mid-South headquarters of TrendAI ZDI (a.k.a. my home office), and am all set for the third patch Tuesday of 2026. Take a break from your regularly scheduled activities and let’s take a look at the latest security patches from Adobe and Microsoft.If you’d rather watch the full video recap covering the entire release, you can check it out here:

Adobe Patches for March 2026

For March, Adobe released eight bulletins addressing 80 unique CVEs in Adobe Acrobat Reader, Commerce, Illustrator, Substance 3D Painter, Premier Pro, Experience Manager, Substance 3D Stager, and the Adobe DNG Software Development Kit (SDK). Two of these bugs were submitted through the TrendAI ZDI program. If you need to prioritize, the update for Acrobat likely has the most impact, with the patch fixing two Critical-rated and one Important bugs. The fix for Experience Manager is the largest this month with 33 CVEs addressed. However, these are simple cross-site scripting (XSS) bugs, so it’s not too exciting. The fix for Commerce is also quite large with 19 CVEs. Most of these are also XSS bugs, but there’s a few security feature bypass bugs in there, too. Adobe actually gives this patch a deployment priority of 2, but it’s not under active attack at the time of release.

The fix for Illustrator corrects seven bugs, including a few Critical-rated ones. The patch for Substance 3D Painter fixes nine different CVEs, all rated Important. That’s not the case for Substance 3D Stager, which fixes six different Critical bugs that could lead to arbitrary code execution. The patch for the Adobe DNG Software Development Kit (SDK) addresses one Critical and one Important bug. Finally, the update for Premiere Pro correct a single, Critical-rated bug that could lead to arbitrary code execution.

None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release, and beyond the update for Commerce, all of the other updates released by Adobe this month are listed as deployment priority 3.

Microsoft Patches for March 2026

This month, Microsoft released 84 new CVEs in Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, SQL Server, Hyper-V Server, and the Windows Resilient File System (ReFS). Counting the third-party and Chromium updates listed in the release, it brings to total number of CVEs to 94. Five of these bugs were reported through the TrendAI ZDI program. Eight of these bugs are rated Critical, and the rest are rated Important in severity.

This volume is relatively typical for a March release, and the lack of bugs under active attack is a nice change from last month. There are two vulnerabilities listed as publicly known at the time of release, but none listed as actively exploited.

Let’s take a closer look at some of the more interesting updates for this month, starting with a bug with an AI slant:

-    CVE-2026-26144 - Microsoft Excel Information Disclosure Vulnerability
This is a fascinating bug and an attack scenario we’re likely to see more often. The vulnerability is a simple cross-site scripting (XSS) bug in Excel, but an attacker could use it to cause the Copilot Agent to exfiltrate data off the target. This essentially makes it a zero-click information disclosure. Although not stated, the disclosure is likely at the level of the logged-on user, so there isn’t a privilege escalation component. Info disclosures rarely get rated Critical, but it makes sense here.

-    CVE-2026-26110/CVE-2026-26113 - Microsoft Office Remote Code Execution Vulnerability
Another month and another pair of Office bugs where the Preview Pane is an exploit vector. I’ve lost count of how many of these bugs have been patched over the last year, but it’s just a matter of time until they start appearing in active exploits. The latest versions of Outlook allow you to hide the Preview Pane, but it isn’t clear if this would mitigate these attacks. The best option is still to test and deploy the update, but considering how many of these patches exist, it’s likely further updates will be needed to fully address these issues.

-    CVE-2026-23669 - Windows Print Spooler Remote Code Execution Vulnerability
Just reading the title makes me twitch with remembrances of Print Nightmare from a few years ago. This bug works in the same manner as those exploits. An authenticated attacker sends specially crafted messages to an affected system to gain arbitrary code execution. No user interaction is required. Let’s hope we don’t end up in a new nightmare of spooler exploits. Test and deploy this one quickly.

-    CVE-2026-23668 - Windows Graphics Component Elevation of Privilege Vulnerability
This vulnerability was submitted to the ZDI program by Marcin Wiązowski as two separate bugs, and it demonstrates the need for variant investigations when creating security patches. Both cases are caused by the lack of proper locking when performing operations on an object. However, in one case, it’s in the cdd.dll driver while the other is in the win32kfull driver. Either way, an attacker could use these to elevate privileges to SYSTEM and execute arbitrary code. Since the fix for both is to add object locking to the GDI object, the cases are combined into a single CVE. That’s not a problem, but it does show how variants can occur, and fixes should be as broad as possible.

Here’s the full list of CVEs released by Microsoft for March 2026:

CVE Title Severity CVSS Public Exploited Type CVE-2026-26127 .NET Denial of Service Vulnerability Important 7.5 Yes No DoS CVE-2026-21262 SQL Server Elevation of Privilege Vulnerability Important 8.8 Yes No EoP CVE-2026-23651 Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability Critical 6.7 No No EoP CVE-2026-26124 Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability Critical 6.7 No No EoP CVE-2026-26122 Microsoft ACI Confidential Containers Information Disclosure Vulnerability Critical 6.5 No No Info CVE-2026-21536 Microsoft Devices Pricing Program Remote Code Execution Vulnerability Critical 9.8 No No RCE CVE-2026-26144 Microsoft Excel Information Disclosure Vulnerability Critical 7.5 No No Info CVE-2026-26110 Microsoft Office Remote Code Execution Vulnerability Critical 8.4 No No RCE CVE-2026-26113 Microsoft Office Remote Code Execution Vulnerability Critical 8.4 No No RCE CVE-2026-26125 Payment Orchestrator Service Elevation of Privilege Vulnerability Critical 8.6 No No EoP CVE-2026-26131 .NET Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-25177 Active Directory Domain Services Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-26117 Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-26130 ASP.NET Core Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-23661 Azure IoT Explorer Information Disclosure Vulnerability Important 7.5 No No Info CVE-2026-23662 Azure IoT Explorer Information Disclosure Vulnerability Important 7.5 No No Info CVE-2026-23664 Azure IoT Explorer Information Disclosure Vulnerability Important 7.5 No No Info CVE-2026-26121 Azure IOT Explorer Spoofing Vulnerability Important 7.5 No No Spoofing CVE-2026-26118 Azure MCP Server Tools Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-23667 Broadcast DVR Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-25190 GDI Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-25181 GDI+ Information Disclosure Vulnerability Important 7.5 No No Info CVE-2026-26030 * GitHub: CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable Important 9.9 No No RCE CVE-2026-23654 * GitHub: Zero Shot SCFoundation Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2026-26141 Hybrid Worker Extension (Arc-enabled Windows VMs) Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-23665 † Linux Azure Diagnostic extension (LAD) Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-23674 MapUrlToZone Security Feature Bypass Vulnerability Important 7.5 No No SFB CVE-2026-26123 Microsoft Authenticator Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-26148 † Microsoft Azure AD SSH Login extension for Linux Elevation of Privilege Vulnerability Important 8.1 No No EoP CVE-2026-25167 Microsoft Brokering File System Elevation of Privilege Vulnerability Important 7.4 No No EoP CVE-2026-26107 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-26108 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-26109 Microsoft Excel Remote Code Execution Vulnerability Important 8.4 No No RCE CVE-2026-26112 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-26134 Microsoft Office Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-26106 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2026-26114 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2026-26105 Microsoft SharePoint Server Spoofing Vulnerability Important 8.1 No No Spoofing CVE-2026-24283 Multiple UNC Provider Kernel Driver Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-25165 Performance Counters for Windows Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-24282 Push message Routing Service Elevation of Privilege Vulnerability Important 5.5 No No Info CVE-2026-26115 SQL Server Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-26116 SQL Server Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-20967 System Center Operations Manager (SCOM) Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-24285 Win32k Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-24291 Windows Accessibility Infrastructure (ATBroker.exe) Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-25186 Windows Accessibility Infrastructure (ATBroker.exe) Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-23660 † Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-24293 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-25176 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-25178 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-25179 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-23656 Windows App Installer Spoofing Vulnerability Important 5.9 No No Spoofing CVE-2026-25171 Windows Authentication Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-23671 Windows Bluetooth RFCOM Protocol Driver Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-24292 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-24295 Windows Device Association Service Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-24296 Windows Device Association Service Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-25189 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-25174 Windows Extensible File Allocation Table Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-25168 Windows Graphics Component Denial of Service Vulnerability Important 6.2 No No DoS CVE-2026-25169 Windows Graphics Component Denial of Service Vulnerability Important 6.2 No No DoS CVE-2026-23668 Windows Graphics Component Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-25180 Windows Graphics Component Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-25170 Windows Hyper-V Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-24297 Windows Kerberos Security Feature Bypass Vulnerability Important 6.5 No No SFB CVE-2026-24287 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-24289 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-26132 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-24288 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Important 6.8 No No RCE CVE-2026-25175 Windows NTFS Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-23669 Windows Print Spooler Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2026-24290 Windows Projected File System Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-23673 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-25172 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2026-25173 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important 8 No No RCE CVE-2026-26111 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2026-25185 Windows Shell Link Processing Spoofing Vulnerability Important 5.3 No No Spoofing CVE-2026-24294 Windows SMB Server Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-26128 Windows SMB Server Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-25166 Windows System Image Manager Assessment and Deployment Kit (ADK) Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-25188 Windows Telephony Service Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2026-23672 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-25187 Winlogon Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-3536 * Chromium: CVE-2026-3536 Integer overflow in ANGLE Critical N/A No No RCE CVE-2026-3538 * Chromium: CVE-2026-3538 Integer overflow in Skia Critical N/A No No RCE CVE-2026-3539 * Chromium: CVE-2026-3539 Object lifecycle issue in DevTools High N/A No No RCE CVE-2026-3540 * Chromium: CVE-2026-3540 Inappropriate implementation in WebAudio High N/A No No RCE CVE-2026-3541 * Chromium: CVE-2026-3541 Inappropriate implementation in CSS High N/A No No RCE CVE-2026-3542 * Chromium: CVE-2026-3542 Inappropriate implementation in WebAssembly High N/A No No RCE CVE-2026-3543 * Chromium: CVE-2026-3543 Inappropriate implementation in V8 High N/A No No RCE CVE-2026-3544 * Chromium: CVE-2026-3544 Heap buffer overflow in WebCodecs High N/A No No RCE CVE-2026-3545 * Chromium: CVE-2026-3545 Insufficient data validation in Navigation High N/A No No RCE

* Indicates this CVE had been released by a third party and is now being included in Microsoft releases.

† Indicates further administrative actions are required to fully address the vulnerability.

 

Looking at the other Critical-rated bugs in this month’s release, they are all cloud-native and require no user action. Microsoft has already remediated the vulnerabilities.

Moving on to the other code execution bugs, the vulnerabilities in SharePoint Server pop out first. Both require authentication, but it’s essentially the lowest level of authentication, so these would be ideal cases for lateral movement within an enterprise. There are the standard open-and-own cases within Office components. There an interesting sounding bug in the Windows Mobile Broadband Driver that requires physical access, but Microsoft doesn’t elaborate on the attack scenario beyond that fact. The bug in the System Image Manager Assessment and Deployment Kit (ADK) requires authentication. The bug in GDI requires user interaction. The remaining code execution bugs are in the RRAS protocol. We’ve seen bugs in this component in the past, but never in the wild. I wouldn’t ignore these, but I wouldn’t rush them out either.

Similar to last month, updates for Elevation of Privilege (EoP) bugs make up nearly half of this month’s release. And as we saw last month, but most simply lead to local attackers executing their code at SYSTEM-level privileges or administrative privileges. The bugs in SQL Server allow attackers to elevate to SQL sysadmin privileges. The bug in the Azure MCP Server is more complex. It allows attackers to obtain the permissions associated with the MCP Server’s managed identity, which lets them perform actions that the managed identity is able to reach. The bug in the Azure AD SSH Login extension for Linux leads to root access, and it won’t be easy to patch. You’ll need to run the update instructions from the command line on each affected system. That’s the same case for the bug in the Linux Azure Diagnostic extension (LAD). There’s an odd bug in the Hybrid Worker Extension (Arc‑enabled Windows VMs) that leads to “ELEVATED” privileges, which is something I’ve never seen before. The bug in the Broadcast DVR component allows an attacker to go from low integrity level up to medium. There’s a bug listed as an EoP in the Push message Routing Service, but reading the description, Microsoft notes it could lead to an information disclosure. It’s likely this is an error and should be an Information Disclosure bug. The final EoP is in the Azure Portal Windows Admin Center and leads to SYSTEM. However, there’s no patch to remediate this bug. Instead, you need to install the latest version of the Windows Admin Center extension through the Azure Portal by hand.

There are two security feature bypass patches in the March release. The first is a bypass of the MapURLToZone method, which (as expected) allows attackers to bypass MapURLToZone protections. The third bypass is in Kerberos and could allow an attacker to either view some sensitive information or make changes to “disclosed” information. This is a race condition that occurs while the group policy is being reapplied, so the window to exploit this would be extremely small.

Looking at the remaining info disclosure bugs getting patched this month, only two result in info leaks consisting of unspecified memory contents or memory addresses. Ther others provide more interesting results. There are three bugs in the Azure IoT Explorer have some wide-ranging implications. According to Microsoft, exploitation could result in, “device connection information, authentication tokens, request data, file paths, and other information transmitted between the application and the IoT Hub.” The bug in Authenticator almost reads like a security feature bypass, as exploit results in the disclosure of a one‑time sign‑in code or authentication deep link. The attacker would receive the sign‑in information and could potentially use it to authenticate as the user, allowing access to information or services available to that account. The last info disclosure bug is in the Accessibility Infrastructure and allows an attacker to gain secrets or privileged information belonging to the user of the affected application.

There are only four spoofing bugs in the March release. The first is in SharePoint server and manifests as an XSS. The second bug is a Server-Side Request Forgery (SSRF) in the Azure IoT Explorer. The remaining two are a bit more cryptic. The bug in Windows Shell Link Processing results from the “exposure of sensitive information to an unauthorized actor,” and could lead to spoofing. That sounds like credential exposure, but it’s not explicitly called out. The final spoofing bug results from the insufficient verification of data authenticity in Windows App Installer. Again, this sounds vaguely like credential reflection, but without further information, we can only speculate.

Finally, there are four denial-of-service (DoS) bugs in the release, including one that’s listed as publicly known in the .NET Framework. As usual, Microsoft provides no actionable information about these bugs.

No new advisories are being released this month.

Looking Ahead

I plan on being at RSA for the first time in my career, so if you’re around, please stop by and say hello. I like it when people say hello. Otherwise, I’ll be back on April 14 with my assessment of that patch Tuesday release. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!

In this excerpt of a TrendAI Research Services vulnerability report, Nikolai Skliarenko and Yazhi Wang of the TrendAI Research team detail a recently patched command injection vulnerability in the Windows Notepad application. This bug was originally discovered by Cristian Papa and Alasdair Gorniak of Delta Obscura. Successful exploitation of this vulnerability could result in the execution of arbitrary commands in the security context of the victim's account. The following is a portion of their write-up covering CVE-2026-20841, with a few minimal modifications.

A remote code execution vulnerability has been reported in Microsoft Windows Notepad. The vulnerability is due to improper validation of links in Markdown files.

A remote attacker could exploit this vulnerability by enticing the victim to download and interact with a malicious file. Successful exploitation of this vulnerability could result in the execution of arbitrary commands in the security context of the victim's account.

The Vulnerability

Microsoft Windows comes with a default text-editing application called Windows Notepad. Historically, this application offered only minimal editing features. However, modern versions of Windows include an improved and extended Notepad by default. This new version supports multiple file formats, Markdown rendering, and Copilot-enhanced features.

Markdown is a lightweight markup language that allows users to create formatted text using a simple syntax. It is widely used for writing documents, blog posts, and README files. It supports a wide range of formatting options, including (but not limited to) headers, styled text, numbered and bulleted lists, and links. Markdown supports two main link formats: standard and inline. The standard link format is:

          [link-name](link/path)

When rendered, only the link text ("link-name") is shown to the user.

The inline links use the following format:

          <link/path>

When rendered, they are transformed into the equivalent standard link:

          [link/path](link/path)

A remote code execution vulnerability has been reported in Microsoft Windows Notepad. The vulnerability is due to improper validation of links when handling Markdown files.

When Notepad opens a file, if the application detects that the file requires special rendering (in this case, Markdown), the input file is tokenized. Tokenization in this context means splitting the raw file text into a sequence of small, recognizable pieces ("tokens") that the renderer can process one by one. Detection is performed based on the file extension. Only the ".md" extension was found to trigger Markdown rendering, as the application uses a fixed string comparison to determine whether Markdown should be rendered by calling sub_1400ED5D0(). Markdown files are rendered token by token.

Function sub_140170F60() handles clicking on links in Markdown files. It filters the link value, and passes it to ShellExecuteExW() call.

The filtering performed on the link is found to be insufficient, as it allows using malicious crafted protocol URIs, such as "file://" and "ms-appinstaller://", to execute arbitrary files in the security context of victim. ShellExecuteExW() uses the configured protocol handlers and may expose additional exploitable protocols depending on the system configuration.

A remote attacker could exploit this vulnerability by enticing the victim to download a malicious crafted Markdown file, open it, and click on a malicious link. Successful exploitation of this vulnerability could result in the execution of arbitrary commands in the security context of the victim's account.

Notes
• Files using the ".md" file extension are not registered to be opened by Notepad by default. However, when opened manually in Notepad, they are rendered as Markdown, which allows the vulnerability to be triggered.
• Any "\\" sequences are converted to "\" in the attacker-controlled link path prior to passing it to the ShellExecuteExW() call.

Source Code Walkthrough

The following code snippet was taken from Notepad.exe version 11.2508. Comments added by TrendAI researchers have been highlighted.

In sub_140170F60():

Detection Guidance

To detect an attack exploiting this vulnerability, the detection device must monitor and parse traffic on the following application protocols that can be used to deliver an attack to exploit this vulnerability:
• FTP, over ports 21/TCP, 20/TCP
• HTTP, over port 80/TCP
• HTTPS, over port 443/TCP
• IMAP, over port 143/TCP
• NFS, over ports 2049/TCP, 2049/UDP, 111/TCP, 111/UDP
• POP3, over port 110/TCP
• SMTP, over ports 25/TCP, 587/TCP
• SMB/CIFS, over ports 139/TCP, 445/TCP

The detection device must inspect traffic transferring a Markdown file with the file extension ".md". If such a file transfer is found, the detection device must search the file content for links.

The detection device must check whether the link paths contain the strings "file:" or "ms-appinstaller:".

If "file:" was found, the detection device must search the Markdown file contents using the following case-insensitive regular expression:

(\x3C|\[[^\x5d]+\]\()file:(\x2f|\x5c\x5c){4}

If "ms-appinstaller:" was found, the detection device must search the Markdown file contents using the following case-insensitive regular expression:

(\x3C|\[[^\x5d]+\]\()ms-appinstaller:(\x2f|\x5c\x5c){2}

If any of the regular expressions matches, the link contains a path to a remote resource. The traffic must be considered malicious; an attack exploiting this vulnerability is likely underway. This guidance should also detect the public PoC that was recently posted on GitHub.

Notes

•  The string matches are case-insensitive.
•  The detection guidance is based on the vendor-provided patch. However, the patch restricts the links to local-only files and HTTP(S) URIs, which may result in a huge number of false positives. Because of that, the detection guidance focuses on formats that may access and execute remote files. Due to that, it may result in false negatives.
•  The vulnerable function uses the configured protocol handlers and may expose additional exploitable protocols depending on the system configuration.

Conclusion

This vulnerability was patched by Microsoft in the February 2026 release cycle. They note no workarounds but do list user interaction as a prerequisite to exploitation. To fully remediate the vulnerability, the proper action is to test and deploy the provided vendor patch.

Special thanks to Nikolai Skliarenko and Yazhi Wang of the TrendAI Research team for providing such a thorough analysis of this vulnerability. For an overview of TrendAI Research services please visit https://go.trendmicro.com/tis/vulnerabilities.html.

The threat research team will be back with other great vulnerability analysis reports in the future. Until then, follow the team on Twitter, Mastodon, LinkedIn, or Bluesky for the latest in exploit techniques and security patches.

I have survived the biggest Pwn2Own ever, but I’m back in Tokyo for the second Patch Tuesday of 2026. My location never stops Patch Tuesday from coming, so let’s take a look at the latest security patches from Adobe and Microsoft. If you’d rather watch the full video recap covering the entire release, you can check it out here:

Adobe Patches for February 2026

For February, Adobe released nine bulletins addressing 44 unique CVEs in Adobe Audition, After Effects, InDesign, Substance 3D Designer, Substance 3D Stager, Adobe Bridge, Substance 3D Modeler, Lightroom Classic, and the Adobe DNG Software Development Kit (SDK). The largest update here is for After Effects, which fixes 13 Critical and two Important rated bugs. The patch for Substance 3D Designer is on the larger side with seven fixes, but only two of those are Critical. On the other hand, the fix for Substance 3D Stager corrects five Critical-rated bugs that could lead to code execution. The Audition patch fixes six bugs, but only one is Critical.

The other patches are smaller in size. The fix for the Adobe DNG Software Development Kit (SDK) corrects two Critical and two Important-rated bugs. The InDesign patch fixes three bugs, but only one is Critical. The update for Adobe Bridge fixes two Critical bug that could lead to code execution. The patch for Lightroom Classic addresses a single Critical bug, and the release is wrapped up with a patch for Substance 3D Modeler that fixes a single, Important-rated memory link.

None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release, and all of the updates released by Adobe this month are listed as deployment priority 3.

Microsoft Patches for February 2026

This month, Microsoft drops 58 new CVEs in Windows and Windows components, Office and Office Components, Azure, Microsoft Edge (Chromium-based), .NET and Visual Studio, GitHub Copilot, Mailslot FS, Exchange Server, Internet Explorer (!), Power BI, Hyper-V Server, and the Windows Subsystem for Linux. Counting the third-party and Chromium updates listed in the release, it brings the total number of CVEs to 62. One of the bugs in the Windows Graphics component was submitted through the ZDI program. Five of these bugs are rated Critical, two are rated Moderate, and the rest are rated Important in severity.

It’s typical to see this number of CVEs released in February, but the number of bugs under active attack is extraordinarily high. Microsoft lists six bugs being exploited at the time of release, with three of these listed as publicly known. Last month only had a single bug being exploited, although there were twice as many CVEs patched. We’ll see if we’re on our way to another “hot exploit summer” as we saw a few years ago or if this is just an aberration.

Let’s take a closer look at some of the more interesting updates for this month, starting with the bugs under active attack:

-    CVE-2026-21510 - Windows Shell Security Feature Bypass Vulnerability
This bug is listed as a security feature bypass, but it could also be classified as code execution. An attacker can bypass Windows SmartScreen and Windows Shell security prompts to execute code on a target system. This bug is also listed as publicly known, but Microsoft doesn’t say where. There is user interaction here, as the client needs to click a link or a shortcut file. Still, a one-click bug to gain code execution is a rarity. Definitely test and deploy this fix quickly.

-    CVE-2026-21514 - Microsoft Word Security Feature Bypass Vulnerability
This bug also requires user interaction in the form of opening a Word document, but that’s all that’s required to bypass protections to dangerous COM/OLE controls. Thankfully, the Preview Pane is not an attack vector here. However, users are well known to open lots of documents they receive in e-mail. This bypass could also result in code execution if the right COM/OLE control is hit. This is also listed as publicly known, so add this to the list to test and deploy quickly.

-    CVE-2026-21519 - Desktop Window Manager Elevation of Privilege Vulnerability
This is the second month in a row that a DWM was listed as being exploited in the wild. That leads me to believe the first patch didn’t completely resolve the vulnerability. Same as last month, this bug allows attackers to run code with SYSTEM privileges. Bugs of this type are typically paired with a code execution bug to take over a system. As always, Microsoft offers no indication of how widespread these exploits may be.

-    CVE-2026-21533 - Windows Remote Desktop Services Elevation of Privilege Vulnerability
Don’t let the word “Remote” in the title fool you – this is a local bug that allows attackers to run code with SYSTEM privileges. It’s interesting that Microsoft lists “Improper privilege management” as the root cause for this issue. If the system is running Remote Desktop Services, it’s probably a juicy target for attackers to move laterally after an initial breach. Add this one to the list of patches to test and deploy immediately.

-    CVE-2026-21513 - Internet Explorer Security Feature Bypass Vulnerability
Although long gone by many measurements, IE does still exist on Windows systems, and calling it always results in a vulnerability somehow. This bug manifests similarly to the Shell bug above, as it requires user interaction but could result in code execution. The bypass here is simply the ability to reach IE, which shouldn’t be possible. Again, test and deploy this fix quickly.

-    CVE-2026-21525 - Windows Remote Access Connection Manager Denial of Service Vulnerability
It’s unusual to see DoS bugs being used in active attacks, but that’s what we have here. A null pointer deref in the Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally. Most null pointer derefs cause the application or service to crash, but it’s not clear if it will automatically restart. I would exercise caution and patch quickly either way.

Here’s the full list of CVEs released by Microsoft for February 2026:

CVE Title Severity CVSS Public Exploited TYPE CVE-2026-21514 Microsoft Word Security Feature Bypass Vulnerability Important 7.8 Yes Yes SFB CVE-2026-21510 Windows Shell Security Feature Bypass Vulnerability Important 8.8 Yes Yes SFB CVE-2026-21513 Internet Explorer Security Feature Bypass Vulnerability Important 8.8 Yes Yes SFB CVE-2026-21519 Desktop Window Manager Elevation of Privilege Vulnerability Important 7.8 No Yes EoP CVE-2026-21533 Windows Remote Desktop Services Elevation of Privilege Vulnerability Important 7.8 No Yes EoP CVE-2026-21525 Windows Remote Access Connection Manager Denial of Service Vulnerability Moderate 6.2 No Yes DoS CVE-2026-21511 Microsoft Outlook Spoofing Vulnerability Important 7.5 No No Spoofing CVE-2023-2804 * Red Hat, Inc. CVE-2023-2804: Heap Based Overflow libjpeg-turbo Important 6.5 Yes No RCE CVE-2026-24302 Azure Arc Elevation of Privilege Vulnerability Critical 8.6 No No EoP CVE-2026-24300 Azure Front Door Elevation of Privilege Vulnerability Critical 9.8 No No EoP CVE-2026-21532 Azure Function Information Disclosure Vulnerability Critical 8.2 No No Info CVE-2026-21522 Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability Critical 6.7 No No EoP CVE-2026-23655 Microsoft ACI Confidential Containers Information Disclosure Vulnerability Critical 6.5 No No Info CVE-2026-21218 .NET and Visual Studio Spoofing Vulnerability Important 7.5 No No Spoofing CVE-2026-21512 Azure DevOps Server Cross-Site Scripting Vulnerability Important 6.5 No No XSS CVE-2026-21529 † Azure HDInsight Spoofing Vulnerability Important 5.7 No No Spoofing CVE-2026-21528 Azure IoT Explorer Information Disclosure Vulnerability Important 6.5 No No Info CVE-2026-21228 Azure Local Remote Code Execution Vulnerability Important 8.1 No No RCE CVE-2026-21531 Azure SDK for Python Remote Code Execution Vulnerability Important 9.8 No No RCE CVE-2026-21251 Cluster Client Failover (CCF) Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-20846 GDI+ Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-21523 GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability Important 8 No No RCE CVE-2026-21518 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability Important 6.5 No No SFB CVE-2026-21257 GitHub Copilot and Visual Studio Elevation of Privilege Vulnerability Important 8 No No EoP CVE-2026-21256 GitHub Copilot and Visual Studio Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2026-21516 GitHub Copilot for Jetbrains Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2026-21253 Mailslot File System Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-21537 † Microsoft Defender for Endpoint Linux Extension Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2026-21259 Microsoft Excel Elevation of Privilege Vulnerability Important 7.3 No No EoP CVE-2026-21258 Microsoft Excel Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-21261 Microsoft Excel Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-21527 Microsoft Exchange Server Spoofing Vulnerability Important 6.5 No No Spoofing CVE-2026-21260 Microsoft Outlook Spoofing Vulnerability Important 7.5 No No Spoofing CVE-2026-21229 Power BI Remote Code Execution Vulnerability Important 8 No No RCE CVE-2026-21236 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-21238 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-21241 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-21517 Windows App for Mac Installer Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-21234 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-21235 Windows Graphics Component Elevation of Privilege Vulnerability Important 7.3 No No EoP CVE-2026-21246 Windows Graphics Component Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-21232 Windows HTTP.sys Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-21240 Windows HTTP.sys Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-21250 Windows HTTP.sys Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-21244 Windows Hyper-V Remote Code Execution Vulnerability Important 7.3 No No RCE CVE-2026-21247 Windows Hyper-V Remote Code Execution Vulnerability Important 7.3 No No RCE CVE-2026-21248 Windows Hyper-V Remote Code Execution Vulnerability Important 7.3 No No RCE CVE-2026-21255 Windows Hyper-V Security Feature Bypass Vulnerability Important 8.8 No No SFB CVE-2026-21231 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-21239 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-21245 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-21222 Windows Kernel Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-21243 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-20841 Windows Notepad App Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2026-21249 Windows NTLM Spoofing Vulnerability Important 3.3 No No Spoofing CVE-2026-21508 Windows Storage Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-21237 Windows Subsystem for Linux Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-21242 Windows Subsystem for Linux Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-1861 * Chromium: CVE-2026-1861 Heap buffer overflow in libvpx High N/A No No RCE CVE-2026-1862 * Chromium: CVE-2026-1862 Type Confusion in V8 High N/A No No RCE CVE-2026-0391 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability Moderate 6.5 No No Spoofing

* Indicates this CVE had been released by a third party and is now being included in Microsoft releases.

† Indicates further administrative actions are required to fully address the vulnerability.

 

Moving on to the Critical-rated bugs, the patch for Azure Front Door sounds frightening, but Microsoft has already fixed the bug and is just now documenting it. That’s also true for the bugs in Azure Arc and Azure Function. There are two Critical-rated bugs in the ACI Confidential Containers. The first allows a container escape while the second discloses secret tokens and keys. Either way, you’ll want to handle those quickly.

Taking a look at the other code execution vulnerabilities in this month’s release, we start with a frightening looking bug in Azure SDK for Python that has the highest CVSS this month of 9.8. A remote, unauthenticated attacker code gain code execution on an affected system via a maliciously crafted continuation token. It’s not clear why this isn’t rated Critical, but I would treat it as such. The three bugs in Hyper-V are actually local open-and-own bugs that require a user to open a malicious file on an affected system. That’s also true for the bug in Notepad. The bug in Power BI is confusing, because Microsoft says it requires authentication and could lead to an attacker running code as an authenticated user. There’s the poorly named “Azure Local Remote Code Execution Vulnerability”, but it requires a machine-in-the-middle (MitM) to exploit. The bug in Defender for Endpoint Linux is restricted to local subnets, but you’ll need to enable auto provisioning to get the patch. The final code execution bugs addressed this month are in GitHub Copilot. Two are command injections and the other is a Time-of-check time-of-use (toctou) race condition, but both could end up in code execution on affected systems.

Patches for Elevation of Privilege (EoP) bugs make up nearly 50% of this release, but most simply lead to local attackers executing their code at SYSTEM-level privileges or administrative privileges. There are only two of note. The first is a command injection bug in GitHub Copilot that leads to executing code at the level of the targeted application. The second is a bug in a kernel that leads to SYSTEM but could also be used for a sandbox escape.

There’s a unusually high number of spoofing bugs in this month’s release, and the ones for Outlook are the most troubling. First, the Preview Pane is an attack vector. Secondly, the bugs could be used to relay NTLM credentials via just an email, which could result in credential disclosure. And you’ll need multiple patches to fully address these bugs. At least they can be applied in any order.  There’s a UI misrepresentation bug in Exchange Server that could allow an attacker to either view some sensitive information or “make changes to disclosed information”. At what point does data become disclosed? That odd phrasing makes me think they are using AI to right some of their descriptions. The phrasing also appears in the patch for NTLM. That bug is triggered by opening a specially crafted Office doc, and while they explicitly say it could be used to relay NTLM creds, it sure seems that way. The patch for .NET and Visual Studio fixes a bug that allows attackers to bypass header validation, resulting in the service accepting a message it should reject. Finally, the bug in Azure HDInsight is really just a cross-site scripting (XSS) bug. The caveat here is that you need to restart Ambari server in both of the head nodes to have this fix updated. There is also an XSS in Azure Devops Server, but at least it is labelled as such.

There are a couple of additional security feature bypass bugs to discuss. The first is in Hyper-V and bypasses the Virtualization-based Security feature. The other is in GitHub Copilot and Visual Studio Code. It’s another command injection, but this one can be used to bypass authentication. Neat.

Looking at the remaining info disclosure bugs getting patched this month, most simply result in info leaks consisting of unspecified memory contents or memory addresses. The exception is the bug in Azure IoT Explorer. This bug could be used to view the contents of the target user’s local file system.

We end this month’s release with two DoS bugs: one in LDAP and one in GDI+. Neither descriptions from Microsoft provide any usable information.

No new advisories are being released this month.

Looking Ahead

I plan on being back home for the March release but wherever I’m at, you can rest assured that March 10, I’ll be here to provide my assessment of the release. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!

In this excerpt of a TrendAI Research Services vulnerability report, Jonathan Lein and Simon Humbert of the TrendAI Research team detail a recently patched command injection vulnerability in the Arista NG Firewall. This bug was originally discovered by Gereon Huppertz and reported through the TrendAI Zero Day Initiative (ZDI) program. Successful exploitation could result in arbitrary command execution under the security context of the root user. The following is a portion of their write-up covering CVE-2025-6798, with a few minimal modifications.

A command injection vulnerability has been reported in Arista NG Firewall. The vulnerability is due to improper validation of user data in the diagnostics component.

A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary command execution under the security context of the root user.

The Vulnerability

Arista NG Firewall is an open-source firewall appliance. It was originally developed under the name Untangle. Some features of Arista Firewall include spam blocking, bandwidth control, and IPS, etc. NG Firewall can be managed through a web user interface, or a JSON-RPC API using HTTP.

HTTP is a request/response protocol described in RFCs 7230 - 7237 and other RFCs. A request is sent by a client to a server, which in turn sends a response back to the client. An HTTP request consists of a request line, various headers, an empty line, and an optional message body

where CRLF represents the new line sequence Carriage Return (CR) followed by Line Feed (LF). SP represents a space character. Parameters can be passed from the client to the server as name-value pairs in either the Request-URI, or in the message-body, depending on the Method used and Content-Type header. For example, a simple HTTP request passing a parameter named “param” with value “1”, using the GET method might look like:

A corresponding HTTP request using the POST method might look like:

If there is more than one parameter/value pair, they are encoded as '&'-delimited name=value pairs:

          var1=value1&var2=value2&var3=value3...

The component relevant to this report is the JSON-RPC endpoint. A JSON object has the following syntax:

•            An object is enclosed in curly braces {}.
•            An object consists of zero or more items delimited by a comma (",") character.
•            An item consists of a key and a value. A key is delimited from its value by a colon (":") character.
•            A key must be a string (enclosed in quotes).
•            A value must be a valid type. Valid types include string, number, JSON object, array, Boolean, or null.
•            An array is an object enclosed in square braces []. An array consists of zero or more string, number, JSON object, array, Boolean or null type-objects delimited by a comma (",") character.

An example JSON object is as follows:

The following is an example of a JSON-RPC request to the runTroubleshooting() method that is relevant to this report:

A command injection vulnerability has been reported in Arista NG Firewall. The vulnerability is due to improper validation of user data that is used in a command line. The runTroubleshooting() method of the class NetworkManagerImpl will be used to handle JSON-RPC requests to the runTroubleshooting method. The command parameter passed to the method will be the first element in the params JSON array in the body of the request. This value must be one of the strings in the TroubleshootingCommands enum defined in the NetworkManager class. The second parameter of the method will contain additional arguments passed to the JSON-RPC call.

The method will first iterate through each of the additional arguments and combine each key value pair into a single string, separated by a "=" character that will later be used as an environment variable. Next, a switch case statement is used to ensure the provided command is one of the values in TroubleshootingCommands. Each command value will be processed using the same code.

The method will next iterate through each environment variable, and inspect it for the following common command injection strings:

          ; & | > $(

If any are found, the request will be rejected, and an exception is thrown. If each environment variable is valid, the method execEvil() is called to create and execute a command line for the network-troubleshooting.sh script, with the environment variables passed as a parameter. The execEvil() method in turn will call Runtime.getRuntime().exec() to run the script, with the second parameter passing the environment variables that will be used by the script. Each command value will have a function in network-troubleshooting.sh, such as run_dns() for the “DNS” command value. Each function will follow a similar structure, by creating a CMD string using the environment variables passed by exec() and then calling eval to execute it.

However, the values of the parameters passed to the runTroubleshooting JSON-RPC method are not completely sanitized before it is used in the command line. While the parameters passed to the endpoint are inspected for some shell metacharacters, the list is incomplete. For example, the backtick character (`) is not included in the check and may be used to inject a command.

For example:

The example above will write and execute a python script on the server to achieve code execution without using any restricted characters.

A remote, authenticated attacker could exploit this vulnerability by sending a JSON-RPC request to the runTroubleshooting method containing a crafted “HOST” or “URL” parameter containing shell metacharacters not present in the runTroubleshooting() check. Successful exploitation in the worst case will result in arbitrary command execution under the security context of the root user.

Detection Guidance

To detect an attack exploiting this vulnerability, the detection device must monitor and parse traffic on the following ports:
          - HTTP, over port 80/TCP
          - HTTPS, over port 443/TCP

Traffic to Arista NG Firewall may be encrypted and must be decrypted prior to applying this guidance.

The detection device must search for HTTP POST requests made to the request-URI /admin/JSON-RPC. If found, the body of the request must be parsed as JSON. The JSON object in the body must be inspected for a method key, and its value must be inspected to contain the substring runTroubleshooting. If found, the object must also be inspected for the JSON key "params", with a value containing a JSON array. The first entry in the JSON array must be inspected for any of the following strings:

If found, the second entry in the array must be inspected for a JSON object, and inspected for any of the following keys:

If either is found, the corresponding value to the key must be inspected for any of the following command injection characters:

If found, the traffic should be treated as suspicious; an attack exploiting this vulnerability is likely underway.

The following regular expression can be applied to find malicious requests:

          /\x22(HOST|URL)\x22\s*:\s*\x22(?:[^\x22\\]|\\.)*?[\x60\x27\x24\x3c]/

Notes:

• String matching on the request-URI and all JSON strings should be done in a case sensitive manner.
• The JSON strings may be encoded and must be decoded prior to applying this guidance.
• The request-URI may be URL-encoded and must be decoded before applying this guidance.

Conclusion

This vulnerability has been addressed by Arista with their Security Advisory 0123. They note that the Arista Edge Threat Management - Arista Next Generation Firewall (Formerly Untangle) is affected by this bug, but other product versions are not. They also state the following mitigation can be applied:

Do not allow non-authorized administrative access or access to the administrative browser.

However, the more appropriate action is to apply the provided vendor security patch by upgrading to version 17.4 or higher.

Special thanks to Jonathan Lein and Simon Humbert of the TrendAI Research team for providing such a thorough analysis of this vulnerability. For an overview of TrendAI Research services, please visit https://go.trendmicro.com/tis/vulnerabilities.html.

The threat research team will be back with other great vulnerability analysis reports in the future. Until then, follow the team on Twitter, Mastodon, LinkedIn, or Bluesky for the latest in exploit techniques and security patches.

The last day of Pwn2Own Automotive 2026 saw the world’s top security researchers take their final shots at the latest automotive systems. Over three days of intense competition, $1,047,000 USD was awarded for 76 unique 0-day vulnerabilities, with bold exploits, clever techniques, and collisions keeping the action thrilling throughout.

By the end, Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io claimed the title of Master of Pwn, earning 28 points and $215,500 USD.

Follow the final updates on Twitter, Mastodon, LinkedIn, and Bluesky, and join the conversation using #Pwn2OwnAutomotive and #P2OAuto.

SUCCESS / COLLISON - Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io targeted the Alpine iLX-F511, demonstrating one vulnerability previously used by another contestant, earning $2,500 USD and 1 Master of Pwn point. #Pwn2Own #P2OAuto

SUCCESS / COLLISON - Slow Horses of Qrious Secure (@qriousec) targeted the Grizzl-E Smart 40A but encountered two bug collisions, still earning $5,000 USD and 2 Master of Pwn points.

SUCCESS / COLLISON - Team MST targeted the Kenwood DNR1007XR, demonstrating one bug but running into a collision, earning $2,500 USD and 1 Master of Pwn point.

SUCCESS - PetoWorks (@petoworks) targeted the Grizzl-E Smart 40A, exploiting one buffer overflow bug, and earned $10,000 USD and 4 Master of Pwn points.

SUCCESS - Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337) of Team DDOS targeted the Alpine iLX‑F511, exploiting a stack‑based buffer overflow to earn $5,000 USD and 2 Master of Pwn points.

SUCCESS - Viettel Cyber Security (@vcslab) targeted the Sony XAV‑9500ES, exploiting a heap‑based buffer overflow to achieve arbitrary code execution, earning $10,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto

SUCCESS / COLLISON - Qrious Secure (@qriousec) targeted the Kenwood system, demonstrating three bugs - one n-day and two unique vulnerabilities (incorrect permission assignment and a race condition), earning $4,000 USD and 1.75 Master of Pwn points.

SUCCESS - Boom! or shall we say Doom? Game On! Aapo Oksman, Elias Ikkelä-Koski and Mikael Kantola of Juurin Oy exploit the Alpitronic HYC50 with a TOCTOU bug - and installed a playable version of Doom to boot. They earn $20,000 and 4 Master of Pwn points. #Pwn2Own #P2OAuto

SUCCESS / COLLISON - Nguyen Thanh Dat (@rewhiles) of Viettel Cyber Security (@vcslab) targeted the Kenwood DNR1007XR, demonstrating one bug but encountering a collision, earning $2,500 USD and 1 Master of Pwn point.

SUCCESS / COLLISON - Autocrypt (Hoyong Jin, Jaewoo Jeong, Chanhyeok Jung, Minsoo Son, and Kisang Choi) targeted the Alpine iLX-F511, demonstrating two vulnerabilities to gain root access. One collided with a previously known issue, earning $3,000 USD and 1.25 Master of Pwn points.

SUCCESS - Elias Ikkelä-Koski and Aapo Oksman of Juurin Oy targeted the Kenwood DNR1007XR, demonstrating a link-following vulnerability to earn $5,000 USD and 2 Master of Pwn points.

SUCCESS - Nam Ha Bach and Vu Tien Hoa of the FPT NightWolf Team targeted the Alpine iLX-F511, exploiting one unique vulnerability to gain root access and earning $5,000 USD and 2 Master of Pwn points.

SUCCESS / COLLISON - Ryo Kato (@Pwn4S0n1c) targeted the Autel MaxiCharger AC Elite Home 40A, demonstrating a three-bug chain but encountering one collision, still earning $16,750 USD and 3.5 Master of Pwn points.

Day Two of Pwn2Own Automotive 2026 was packed with action, and the stakes continued to rise. Security researchers returned to the Pwn2Own stage, probing and challenging the latest automotive systems as the competition intensified. New exploits, unexpected twists, and standout performances emerged throughout the day - follow along here for daily updates as the race for Master of Pwn heats up. 

Following an action-packed Day One, where $516,500 USD was awarded for 37 unique 0-day vulnerabilities, Day Two added another $439,250 USD and 29 unique 0-days, bringing the event totals to $955,750 USD with 66 unique vulnerabilities overall. Fuzzware.io holds a commanding lead for Master of Pwn, but with one day to go, anything can still happen. We’ll see what the final day of the contest brings. 

Stay up to date throughout Day Two by following us on Twitter, Mastodon, LinkedIn, and Bluesky, and join the conversation using #Pwn2Own Automotive and #P2OAuto. 

SUCCESS - Inhyung Lee, Seokhun Lee, Chulhan Park, Wooseok Kim, and Yeonseok Jang of Team MAMMOTH exploited a command injection vulnerability against the Alpine iLX-F511, earning $10,000 USD and 2 Master of Pwn points.

FAILURE - Autocrypt - Hoyong Jin, Jaewoo Jeong, Chanhyeok Jung, Minsoo Son, and Kisang Choi - targeted the Grizzl‑E Smart 40A with the Charging Connector Protocol/Signal Manipulation add‑on but were unable to demonstrate the vulnerability within the allotted time.

SUCCESS - Julien COHEN‑SCALI of FuzzingLabs (@FuzzingLabs) targeted the Phoenix Contact CHARX SEC‑3150, chaining two vulnerabilities - an authentication bypass and privilege escalation - to earn $20,000 USD and 4 Master of Pwn points.

SUCCESS - Neodyme AG (@Neodyme) exploited a buffer overflow vulnerability (CWE‑120) in Round 3 to achieve privileged code execution on the Sony XAV‑9500ES, earning $10,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto

SUCCESS - Hank Chen (@hank0438) of InnoEdge Labs exploited an exposed dangerous method against the Alpitronic HYC50 – Lab Mode, earning $40,000 USD and 4 Master of Pwn points.

SUCCESS / COLLISON - Nguyen Thanh Dat (@rewhiles) of Viettel Cyber Security (@vcslab) targeted the Alpine iLX-F511, hitting a one-vulnerability collision with a previous attempt and earning $2,500 USD and 1 Master of Pwn point.

SUCCESS / COLLISON - BoredPentester (@BoredPentester) targeted the Grizzl‑E Smart 40A with the Charging Connector Protocol/Signal Manipulation add‑on, combining two bugs to earn $20,000 USD and 3 Master of Pwn points. #Pwn2Own #P2OAuto

SUCCESS / COLLISON - Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337) of Team DDOS targeted the Kenwood DNR1007XR, exploiting an n‑day command injection to earn $4,000 USD and 1 Master of Pwn point.

SUCCESS - Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) targeted the Kenwood DNR1007XR in Round 6, exploiting a command injection vulnerability to earn $5,000 USD and 2 Master of Pwn points.

SUCCESS / COLLISON - Kazuki Furukawa (@N4NU) of GMO Cybersecurity by Ierae targeted the Alpine iLX-F511, hitting a one-vulnerability collision with a previous attempt and earning $2,500 USD and 1 Master of Pwn point. #Pwn2Own #P2OAuto

SUCCESS / COLLISON - Donggeon Kim (@gbdngb12), Hoon Nam (@pwnstar96), Jaeho Jeong (@jeongZero), Sangsoo Jeong (@sangs00Jeong), and Wonyoung Jung (@nonetype_pwn) of 78ResearchLab targeted the Kenwood DNR1007XR, exploiting one n-day vulnerability along with two collisions to earn $2,500 USD and 1 Master of Pwn point.

SUCCESS - Xilokar ([email protected]) targeted the Alpitronic HYC50 – Lab Mode, exploiting one bug to earn $20,000 USD and 4 Master of Pwn points.

SUCCESS / COLLISON - Hyeongseok Lee (@fluorite_pwn), Yunje Shin (@YunjeShin), Chaeeul Hyun (@yskm_Gunter), Ingyu Yang (@Mafty5275), Hoseok Kang (@cl4y419), Seungyeon Park (@vvsy46), and Wonjun Choi (@won6_choi) of BoB::Takedown targeted the Grizzl-E Smart 40A, hitting one collision and one unique 0-day, earning $15,000 USD and 3 Master of Pwn points.

SUCCESS - Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io targeted the Phoenix Contact CHARX SEC-3150 in Round 5, exploiting three bugs with two add-ons to earn $50,000 USD and 7 Master of Pwn points.

SUCCESS / COLLISON - Slow Horses of Qrious Secure (@qriousec) targeted the Alpine iLX-F511, resulting in a single vulnerability collision with a previous attempt, earning $2,500 USD and 1 Master of Pwn point.

FAILURE - Autocrypt (Hoyong Jin, Jaewoo Jeong, Chanhyeok Jung, Minsoo Son, and Kisang Choi) targeted the Autel MaxiCharger AC Elite Home 40A with the Charging Connector Protocol/Signal Manipulation add-on, but ran out of attempts before the exploit could be demonstrated.

SUCCESS - BoredPentester (@BoredPentester) targeted the Kenwood DNR1007XR, demonstrating a command injection vulnerability to earn $5,000 USD and 2 Master of Pwn points.

SUCCESS - Rob Blakely of Technical Debt Collectors targeted Automotive Grade Linux, chaining three bugs - an out-of-bounds read, memory exhaustion, and a heap overflow - to earn $40,000 USD and 4 Master of Pwnpoints. #Pwn2Own #P2OAuto

SUCCESS / COLLISON - PHP Hooligans / Midnight Blue (@midnightbluelab) targeted the Autel MaxiCharger AC Elite Home 40A with the Charging Connector Protocol/Signal Manipulation add-on, hitting a full collision on a two-bug chain, earning $20,000 USD and 3 Master of Pwn points. #Pwn2Own #P2OAuto

SUCCESS - Synacktiv (@synacktiv) targeted the Autel MaxiCharger AC Elite Home 40A with the Charging Connector Protocol/Signal Manipulation add‑on. In Round 2, they exploited one stack‑based buffer overflow, earning $30,000 USD and 5 Master of Pwn points.

SUCCESS - Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io targeted the ChargePoint Home Flex (CPH50-K) with the Charging Connector Protocol/Signal Manipulation add-on, exploiting one command injection bug to earn $30,000 USD and 5 Master of Pwn points. #Pwn2Own #P2OAuto

FAILURE - PetoWorks (@petoworks) targeted the Alpine iLX-F511 but was unable to demonstrate their exploit within the allotted time.

SUCCESS - Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) targeted the ChargePoint Home Flex (CPH50-K) with the Charging Connector Protocol/Signal Manipulation add-on, exploiting two bugs to earn $30,000 USD and 5 Master of Pwn points.

SUCCESS / COLLISON - PetoWorks (@petoworks) targeted the Kenwood DNR1007XR, hitting one bug collision earning $2,500 USD and 1 Master of Pwn point.

SUCCESS / COLLISON - Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io targeted the Grizzl-E Smart 40A with the Charging Connector Protocol/Signal Manipulation add-on, resulting in two bug collisions and earning $15,000 USD and 3 Master of Pwn points.

SUCCESS / COLLISON - Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337) of Team DDOS targeted the Phoenix Contact CHARX SEC-3150 with the Charging Connector Protocol/Signal Manipulation add-on, demonstrating six bugs but encountering a collision, still earning $19,250 USD and 4.75 Master of Pwn points.

SUCCESS - Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) targeted the Alpine iLX-F511, exploiting two unique vulnerabilities to gain root access, earning $5,000 USD and 2 Master of Pwn points.

SUCCESS / COLLISON - Evan Grant (@stargravy) targeted the Grizzl-E Smart 40A with the Charging Connector Protocol/Signal Manipulation add-on, hitting two bug collisions, still earning $15,000 USD and 3 Master of Pwn points.

SUCCESS / COLLISON - Hyeonjun Lee (@gul9ul), Younghun Kwon (@d0kk2bi), Hyeokjong Yun (@dig06161), Dohwan Kim (@neko__hat), Hanryeol Park (@hanR0724), Hyojin Lee (@meixploit), Jinyeong Yoon, and Youngmin Cho (@ZIEN0621) of ZIEN, Inc. targeted the ChargePoint Home Flex (CPH50-K), demonstrating two unique bugs (symlink following and command injection) but encountered a collision with a previous attempt - still earning $16,750 USD and 3.5 Master of Pwn points.

SUCCESS / COLLISON - Hyeongseok Lee (@fluorite_pwn), Yunje Shin (@YunjeShin), Chaeeul Hyun (@yskm_Gunter), Ingyu Yang (@Mafty5275), Hoseok Kang (@cl4y419), Seungyeon Park (@vvsy46), and Wonjun Choi (@won6_choi) of BoB::Takedown targeted the Phoenix Contact CHARX SEC-3150, demonstrating three bugs, but ran into two collisions, earning $6,750 USD and 2.75 Master of Pwn points.

Welcome to Day One of Pwn2Own Automotive 2026! Today, 30 entries took the Pwn2Own stage to target the latest automotive systems, as the world’s top security researchers push technology to its limits. Exploits, surprises, and breakthrough discoveries are unfolding.

After Day One, we awarded $516,500 for 37 unique 0-days! Fuzzware.io is currently in the lead for Master of Pwn, but Team DDOS is right on their heels. Stay tuned tomorrow for more results and surprises.

Stay up to date by following us on Twitter, Mastodon, LinkedIn, and Bluesky, and join the conversation using #Pwn2Own Automotive and #P2OAuto for continuous coverage. 

FAILURE - Unfortunately, Team Hacking Group targeting Kenwood DNR1007XR in the In-Vehicle Infotainment (IVI) category could not get their exploit working within the time allotted.

SUCCESS - Neodyme AG (@Neodyme) used a stack based buffer overflow to get a root shell on the Alpine iLX-F511, earning $20,000 USD and 2 Master of Pwn points.

SUCCESS - Fuzzware.io ( @ScepticCtf, @diff_fusion, @SeTcbPrivilege) chained two vulnerabilities (CWE-306, CWE-347) to achieve code execution on the Autel charger and manipulate the charging signal, earning $50,000 USD and 5 Master of Pwn points. Full win with the add-on.

SUCCESS - Taejin Kim (@tae3pwn), Junsu Yeo (@junactually), Sunmin Park (@sunminpark4503), Sungmin Son (@_ssm98), and Hoseok Lee of SKShieldus (@EQSTLab) of 299 exploited a hardcoded credential (CWE-798) to achieve code execution via CWE-494 on the Grizzl-E Smart 40A, earning $40,000 USD and 4 Master of Pwn points.

SUCCESS - Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337) of Team DDOS exploited two bugs, including a command injection, against the ChargePoint Home Flex. Add-on failed, but still earned $40,000 USD and 4 Master of Pwn points.

SUCCESS - Cyrill Bannwart, Emanuele Barbeno, Yves Bieri, Lukasz D., and Urs Mueller of Compass Security (@compasssecurity) exploited one exposed dangerous method/function bug on the Alpine iLX-F511, winning Round 2 for $10,000 USD and 2 Master of Pwn points.

SUCCESS - PetoWorks (@petoworks) chained three bugs - including Denial of Service (DoS), a race condition, and command injection - against the Phoenix Contact CHARX SEC-3150, winning Round 1 for $50,000 USD and 5 Master of Pwn points with the signal manipulation add-on.

SUCCESS - Synacktiv (@synacktiv) chained three vulnerabilities to gain root-level code execution on the Sony XAV-9500ES, earning a full win of $20,000 USD and 2 Master of Pwn points.

SUCCESS - Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io exploited an n-day command injection against Kenwood, earning $8,000 USD and 1 Master of Pwn point.

SUCCESS - Yannik Marchand (@kinnay) exploited a single out-of-bounds write to achieve a full win against the Kenwood DNR1007XR, earning $20,000 USD and 2 Master of Pwn points.

FAILURE - Hyunseok Yun, Heaeun Moon, and Eungyo Seo of CIS targeted the Alpine iLX-F511 but were unable to complete their exploit within the allotted time.

SUCCESS / COLLISON - Cyrill Bannwart, Emanuele Barbeno, Yves Bieri, Lukasz D., and Urs Mueller of Compass Security (@compasssecurity) earned $25,000 USD and 4 Master of Pwn points with the Charging Connector Protocol/Signal Manipulation add‑on against the Grizzl‑E Smart 40A, chaining an authentication bypass (CWE‑306) to remote code execution via CWE‑494.

FAILURE - Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io targeted the EMPORIA Pro Charger Level 2 with the Charging Connector Protocol/Signal Manipulation add‑on but were unable to complete their exploit within the allotted time.

SUCCESS / COLLISON - Kazuki Furukawa (@N4NU) of GMO Cybersecurity chained three bugs against Kenwood - including an n‑day hard‑coded credential, incorrect permissions on a critical resource, and command injection - to earn $8,000 USD and 1.75 Master of Pwn points.

SUCCESS / COLLISON - Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337) of Team DDOS targeted the Autel MaxiCharger AC Elite Home 40A with the Charging Connector Protocol/Signal Manipulation add-on. Due to a full collision with a previous attempt, they earned $10,000 USD and 2 Master of Pwn points.

SUCCESS / COLLISON - Chumy Tsai (@rm_rf_chumy), Jimmy Liu (@DrmnSamoLiu), and Jim Chen (@asef18766) of Cycraft Technology (@cycraft_corp) targeted the Grizzl-E Smart 40A. Due to a 2-bug collision, they earned $10,000 USD and 2 Master of Pwn points.

SUCCESS - Mia Miku Deutsch (@newbe3e) exploited a stack-based buffer overflow against the Alpine iLX‑F511, earning $10,000 USD and 2 Master of Pwn points.

SUCCESS - Synacktiv (@synacktiv) chained two vulnerabilities - an information leak and an out‑of‑bounds write - to achieve a full win in the Tesla Infotainment USB‑based Attack category, earning $35,000 USD and 3.5 Master of Pwn points.

SUCCESS / COLLISON - Donggeon Kim (@gbdngb12), Hoon Nam (@pwnstar96), Jaeho Jeong (@jeongZero), Sangsoo Jeong (@sangs00Jeong), and Wonyoung Jung (@nonetype_pwn) of 78ResearchLab hit a one‑vulnerability collision against the Alpine iLX‑F511, earning $5,000 USD and 1 Master of Pwn point.

SUCCESS - Giuseppe Calì (_gcali) and 8cf53a459714977f6bb11ee2d90416bf1675fa0e2451d80cf55a06d0b6ac2 of Team Zeroshi exploited five bugs against the Phoenix Contact CHARX SEC-3150, securing a Round 2 win for $20,000 USD and 4 Master of Pwn points.

SUCCESS / COLLISON - Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337) of Team DDOS hit a collision against the Grizzl-E Smart 40A with the Charging Connector Protocol/Signal Manipulation add-on, combining three duplicate bugs and one new bug to earn $22,500 USD and 3.5 Master of Pwn points.

FAILURE - Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io targeted Sony XAV-9500ES but were unable to get their exploit working within the allotted time.

FAILURE - Viettel Cyber Security (@vcslab) targeted the ChargePoint Home Flex (CPH50-K) but were unable to get their exploit working within the allotted time.

SUCCESS - Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io achieved a full win against the Alpitronic HYC50 - Field Mode, exploiting a single out-of-bounds write to earn $60,000 USD and 6 Master of Pwn points.

SUCCESS - Dong hee Kim (@heehee_0219_) and Jong geon Kim (@kimjor22) of Team K exploited two vulnerabilities - an out-of-bounds read and a stack-based buffer overflow - against the Alpine iLX-F511, earning $10,000 USD and 2 Master of Pwn points.

SUCCESS - Interrupt Labs (@InterruptLabs) scored a Round 3 win against the Kenwood DNR1007XR, exploiting a unique heap-based buffer overflow to earn $10,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto

FAILURE - Jonathan Conrad (@jwconrad.bsky.social) targeted the Grizzl-E Smart 40A but was unable to reproduce the vulnerability within the allotted time.

SUCCESS / COLLISON - TienPP of FPT NightWolf hit a collision against the Kenwood DNR1007XR, chaining three bugs - including an n‑day hard‑coded credential and two 0‑days (incorrect default permissions and symlink following) - to earn $8,000 USD and 1.75 Master of Pwn points.

SUCCESS - @ExLuck99 and @gr4ss341 of ANHTUD chained two vulnerabilities (CWE‑125 and CWE‑122) to achieve code execution on the Sony XAV‑9500ES, earning $10,000 USD and 2 Master of Pwn points in Round 2.

SUCCESS / COLLISON - Donggeon Kim (@gbdngb12), Hoon Nam (@pwnstar96), Jaeho Jeong (@jeongZero), Sangsoo Jeong (@sangs00Jeong), and Wonyoung Jung (@nonetype_pwn) of 78ResearchLab targeted the Phoenix Contact CHARX SEC‑3150, chaining four bugs (two unique and two collisions) to earn $15,000 USD and 3 Master of Pwn points.

おかえりなさい (Welcome back!) The third annual Pwn2Own Automotive competition has returned to Automotive World in Tokyo, and the excitement is building. This year marks a major milestone for Pwn2Own, with a record 73 entries. We’ve brought together some of the world’s most talented security researchers to take on the latest automotive components, pushing them to their limits in a real-world testing environment.

Earlier today, we held the random drawing to determine the order of attempts, setting the stage for an exciting lineup of demonstrations and discoveries. Below is the official schedule based on that draw. All times are listed in Tokyo local time and may change as the competition progresses - updates will be posted as the event unfolds.

In case you missed it, you can watch the draw here.

Jump to:    Day One           Day Two           Day Three

Day One

Wednesday, January 21 – 1100

Team Hacking Group targeting Kenwood DNR1007XR in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io targeting Autel MaxiCharger AC Elite Home 40A EV Charger in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.

Neodyme AG (@Neodyme) targeting Alpine iLX-F511 in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337) of Team DDOS targeting ChargePoint Home Flex (Model CPH50-K) in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.

Taejin Kim (@_tae3_), Junsu Yeo (@junactually), Sunmin Park (@sunminpark4503), Sungmin Son (@_ssm98), Hoseok Lee of SKShieldus (@EQSTLab) of 299 targeting Grizzl-E Smart 40A in the Level 2 Electric Vehicle Chargers category for a total of $40,000 and 4 Master of Pwn points.

Wednesday, January 21 – 1200

PetoWorks (@petoworks) targeting Phoenix Contact CHARX SEC-3150 in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.

Wednesday, January 21 – 1230

Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io targeting Kenwood DNR1007XR in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

Synacktiv (@synacktiv) targeting Sony XAV-9500ES in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

Cyrill Bannwart, Emanuele Barbeno, Yves Bieri, Lukasz D., and Urs Mueller of Compass Security (@compasssecurity) targeting Alpine iLX-F511 in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

Wednesday, January 21 – 1400

Yannik Marchand (@kinnay) targeting Kenwood DNR1007XR in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

Hyunseok Yun, Heaeun Moon, Eungyo Seo of CIS targeting Alpine iLX-F511 in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points

Synacktiv (@synacktiv) targeting Infotainment USB-based Attack in the Tesla Infotainment category for a total of $35,000 and 3.5 Master of Pwn points.

Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io targeting EMPORIA Pro Charger Level 2 in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.

Cyrill Bannwart, Emanuele Barbeno, Yves Bieri, Lukasz D., Urs Mueller of Compass Security (@compasssecurity) targeting Grizzl-E Smart 40A in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.

Wednesday, January 21 – 1500

Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337) of Team DDOS targeting Autel MaxiCharger AC Elite Home 40A EV Charger in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.

Wednesday, January 21 – 1530

Kazuki Furukawa (@_N4NU_) of GMO Cybersecurity by Ierae targeting Kenwood DNR1007XR in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

Mia Miku Deutsch (@newbe3e) targeting Alpine iLX-F511 in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io targeting Alpitronic HYC50 - Field Mode in the Level 3 Electric Vehicle Chargers category for a total of $60,000 and 6 Master of Pwn points.

Chumy Tsai (@rm_rf_chumy), Jimmy Liu (@DrmnSamoLiu), and Jim Chen (@asef18766) at Cycraft Technology (@cycraft_corp) targeting Grizzl-E Smart 40A in the Level 2 Electric Vehicle Chargers category for a total of $40,000 and 4 Master of Pwn points.

Wednesday, January 21 – 1600

Team Zeroshi targeting Phoenix Contact CHARX SEC-3150 in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.

Wednesday, January 21 – 1700

Interrupt Labs (@InterruptLabs) targeting Kenwood DNR1007XR in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

Donggeon Kim (@gbdngb12), Hoon Nam (@pwnstar96), Jaeho Jeong (@jeongZero), Sangsoo Jeong (@sangs00Jeong) and Wonyoung Jung (@nonetype_pwn) of 78ResearchLab targeting Alpine iLX-F511 in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337) of Team DDOS targeting Grizzl-E Smart 40A in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.

Wednesday, January 21 – 1730

Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io targeting Sony XAV-9500ES in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

Viettel Cyber Security (@vcslab) targeting ChargePoint Home Flex (Model CPH50-K) in the Level 2 Electric Vehicle Chargers category for a total of $40,000 and 4 Master of Pwn points.

Wednesday, January 21 – 1830

TienPP from FPT NightWolf targeting Kenwood DNR1007XR in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.  

Dong hee Kim (@heehee_0219_) and Jong geon Kim (@kimjor22) targeting Alpine iLX-F511 in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.  

Donggeon Kim (@gbdngb12), Hoon Nam (@pwnstar96), Jaeho Jeong (@jeongZero), Sangsoo Jeong (@sangs00Jeong) and Wonyoung Jung (@nonetype_pwn) of 78ResearchLab targeting Phoenix Contact CHARX SEC-3150 in the Level 2 Electric Vehicle Chargers category for a total of $40,000 and 4 Master of Pwn points.  

Jonathan Conrad (@jwconrad.bsky.social) targeting Grizzl-E Smart 40A in the Level 2 Electric Vehicle Chargers category for a total of $40,000 and 4 Master of Pwn points.

Wednesday, January 21 – 1900

@ExLuck99 and @gr4ss341 of ANHTUD targeting Sony XAV-9500ES in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

Back to top

Day Two

Thursday, January 22 – 1030

Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337) of Team DDOS targeting Kenwood DNR1007XR in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

Inhyung Lee, Seokhun Lee, Chulhan Park, Wooseok Kim, and Yeonseok Jang from Team MAMMOTH targeting Alpine iLX-F511 in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

Julien COHEN-SCALI from FuzzingLabs (@FuzzingLabs) targeting Phoenix Contact CHARX SEC-3150 in the Level 2 Electric Vehicle Chargers category for a total of $40,000 and 4 Master of Pwn points.  

Hank Chen (@hank0438) of InnoEdge Labs targeting Alpitronic HYC50 - Lab Mode in the Level 3 Electric Vehicle Chargers category for a total of $40,000 and 4 Master of Pwn points.   

Autocrypt (Hoyong Jin, Jaewoo Jeong, Chanhyeok Jung, Minsoo Son, and Kisang Choi) targeting Grizzl-E Smart 40A in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.

Thursday, January 22 – 1130

Neodyme AG (@Neodyme) targeting Sony XAV-9500ES in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

Thursday, January 22 – 1200

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) targeting Kenwood DNR1007XR in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

Nguyen Thanh Dat (@rewhiles) from Viettel Cyber Security (@vcslab) targeting Alpine iLX-F511 in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

BoredPentester (@BoredPentester) targeting Grizzl-E Smart 40A in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.

Thursday, January 22 – 1230

Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io targeting Phoenix Contact CHARX SEC-3150 in the Level 2 Electric Vehicle Chargers category with the Charging Connector Attack and Charging Connector Protocol/Signal Manipulation add-on for a total of $70,000 and 7 Master of Pwn points.

Xilokar ([email protected]) targeting Alpitronic HYC50 - Lab Mode in the Level 3 Electric Vehicle Chargers category for a total of $40,000 and 4 Master of Pwn points.

Thursday, January 22 – 1300

PHP Hooligans / Midnight Blue (@midnightbluelab) targeting Autel MaxiCharger AC Elite Home 40A EV Charger in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.

Thursday, January 22 – 1330

Donggeon Kim (@gbdngb12), Hoon Nam (@pwnstar96), Jaeho Jeong (@jeongZero), Sangsoo Jeong (@sangs00Jeong) and Wonyoung Jung (@nonetype_pwn) of 78ResearchLab targeting Kenwood DNR1007XR in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

Kazuki Furukawa (@_N4NU_) of GMO Cybersecurity by Ierae targeting Alpine iLX-F511 in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

Hyeongseok Lee (@fluorite_pwn), Yunje Shin (@YunjeShin), Chaeeul Hyun (@yskm_Gunter), Ingyu Yang (@Mafty5275), Hoseok Kang (@clay419), Seungyeon Park (@vvsy46), and Wonjun Choi (@won6_choi) of BoB::Takedown targeting Grizzl-E Smart 40A in the Level 2 Electric Vehicle Chargers category for a total of $40,000 and 4 Master of Pwn points.

Thursday, January 22 – 1430

Autocrypt (Hoyong Jin, Jaewoo Jeong, Chanhyeok Jung, Minsoo Son, and Kisang Choi) targeting Autel MaxiCharger AC Elite Home 40A EV Charger in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.

Rob Blakely of Technical Debt Collectors targeting Automotive Grade Linux in the Operating System category for a total of $40,000 and 4 Master of Pwn points.

Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io targeting ChargePoint Home Flex (Model CPH50-K) in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.

Thursday, January 22 – 1500

BoredPentester (@BoredPentester) targeting Kenwood DNR1007XR in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

Slow Horses of Qrious Secure (@qriousec) targeting Alpine iLX-F511 in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

Thursday, January 22 – 1600

Synacktiv (@synacktiv) targeting Autel MaxiCharger AC Elite Home 40A EV Charger in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.

Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337) of Team DDOS targeting Phoenix Contact CHARX SEC-3150 in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.

Thursday, January 22 – 1630

PetoWorks (@petoworks) targeting Alpine iLX-F511 in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) targeting ChargePoint Home Flex (Model CPH50-K) in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.

Thursday, January 22 – 1700

Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io targeting Grizzl-E Smart 40A in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.

Thursday, January 22 – 1800

PetoWorks (@petoworks) targeting Kenwood DNR1007XR in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

Hyeongseok Lee (@fluorite_pwn), Yunje Shin (@YunjeShin), Chaeeul Hyun (@yskm_Gunter), Ingyu Yang (@Mafty5275), Hoseok Kang (@clay419), Seungyeon Park (@vvsy46), and Wonjun Choi (@won6_choi) of BoB::Takedown targeting Phoenix Contact CHARX SEC-3150 in the Level 2 Electric Vehicle Chargers category for a total of $40,000 and 4 Master of Pwn points.

Thursday, January 22 – 1830

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) targeting Alpine iLX-F511 in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

Hyeonjun Lee (@gul9ul), Younghun Kwon (@d0kk2bi), Hyeokjong Yun (@dig06161), Dohwan Kim (@neko__hat), Hanryeol Park (@hanR0724), Hyojin Lee (@meixploit), Jinyeong Yoon, and Youngmin Cho (@ZIEN0621) of ZIEN, Inc. targeting ChargePoint Home Flex (Model CPH50-K) in the Level 2 Electric Vehicle Chargers category for a total of $40,000 and 4 Master of Pwn points.

Evan Grant (@stargravy) targeting Grizzl-E Smart 40A in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.

Back to top

Day Three

Friday, January 23 – 1030

Team MST targeting Kenwood DNR1007XR in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

Viettel Cyber Security (@vcslab) targeting Sony XAV-9500ES in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io targeting Alpine iLX-F511 in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

Slow Horses of Qrious Secure (@qriousec) targeting Grizzl-E Smart 40A in the Level 2 Electric Vehicle Chargers category for a total of $40,000 and 4 Master of Pwn points.

Friday, January 23 – 1200

Slow Horses of Qrious Secure (@qriousec) targeting Kenwood DNR1007XR in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337) of Team DDOS targeting Alpine iLX-F511 in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

PetoWorks (@petoworks) targeting Grizzl-E Smart 40A in the Level 2 Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation add-on for a total of $50,000 and 5 Master of Pwn points.

Friday, January 23 – 1300

Aapo Oksman, Elias Ikkelä-Koski and Mikael Kantola of Juurin Oy targeting the Alpitronic HYC50 - Lab Mode in the Level 3 Electric Vehicle Chargers category for a total of $40,000 and 4 Master of Pwn points.

Friday, January 23 – 1330

Nguyen Thanh Dat (@rewhiles) from Viettel Cyber Security (@vcslab) targeting Kenwood DNR1007XR in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

Autocrypt (Hoyong Jin, Jaewoo Jeong, Chanhyeok Jung, Minsoo Son, Kisang Choi) targeting Alpine iLX-F511 in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

Friday, January 23 – 1500

Elias Ikkelä-Koski and Aapo Oksman of Juurin Oy targeting Kenwood DNR1007XR in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

Ryo Kato (@Pwn4S0n1c) targeting the Autel MaxiCharger AC Elite Home 40A EV Charger in the Level 2 Electric Vehicle Chargers category for a total of $40,000 and 4 Master of Pwn points.

Nam Ha Bach and Vu Tien Hoa from FPT NightWolf Team targeting Alpine iLX-F511 in the In-Vehicle Infotainment (IVI) category for a total of $20,000 and 2 Master of Pwn points.

The Results 

Follow the action live! We’ll be posting real-time updates and results throughout the competition on our blog and across social media. Stay up to date by following us on Twitter, Mastodon, LinkedIn, and Bluesky, and join the conversation using #Pwn2Own Automotive and #P2OAuto for continuous coverage. 

I may be in Tokyo preparing for Pwn2Own Automotive, but that doesn’t stop patch Tuesday from coming. Put aside your broken New Year’s resolutions for just a moment as we review the latest security patches from Adobe and Microsoft. If you’d rather watch the full video recap covering the entire release, you can check it out here:

Adobe Patches for January 2026

For January, Adobe released 11 bulletins addressing 25 unique CVEs in Adobe Dreamweaver, InDesign, Illustrator, InCopy, Bridge, Substance 3D Modeler, Substance 3D Stager, Substance 3D Painter, Substance 3D Sampler, Substance 3D Designer, and ColdFusion. The patch for ColdFusion fixes a single code execution bug, but the update is listed as Priority 1. It isn’t publicly known or under active attack, though. The fix for Dreamweaver corrects five Critical-rated code execution bugs. The update for InDesign also has five CVEs, but only four are rated Critical. The Substance 3D Modeler patch contains six fixes total, but only two are for arbitrary code execution.

The patch for Substance 3D Stager fixes a single, Critical-rated code execution bug. That’s the same story for Substance 3D Painter, Adobe Bridge, and InCopy. The patch for Substance 3D Sampler is a bit odd. It states that it was released in August but updated today. The CVE is from 2026, so this may just be a clerical error. The patch for Substance 3D Designer fixes a single Important-severity memory leak. Finally, the fix for Illustrator includes one Critical-rated and one Important-severity bug.

None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release. Besides the fix for ColdFusion, all of the updates released by Adobe this month are listed as deployment priority 3.

Microsoft Patches for January 2026

Microsoft kicks off the new year with a bang, dropping 112 new CVEs in Windows and Windows components, Office and Office Components, Azure, Microsoft Edge (Chromium-based), SharePoint Server, SQL Server, SMB Server, and Windows Management Services.

One of these bugs came through the ZDI program. Of the patches released today, eight are rated Critical while the rest are rated Important in severity. Counting the third-party Chromium updates listed in the release, it brings to total number of CVEs to 114.

It’s not uncommon to see a large release in January. I suspect vendors hold off on certain updates through the holiday season to prevent disruptions should patches fail or cause application compatibility issues. This results in a large January release. Last year was Microsoft’s second busiest in terms of CVEs released. We’ll see if they top that in 2026.

Microsoft lists one bug under active attack, but two others as publicly known at the time of the release (although I think that number should be three). Let’s take a closer look at some of the more interesting updates for this month, starting with the bug under active attack:

-    CVE-2026-20805 - Desktop Window Manager Information Disclosure Vulnerability
It’s a bit unusual to see an information disclosure bug exploited in the wild, but that’s what we have here. This bug allows an attacker to leak a section address from a remote ALPC port. Presumably, threat actors would then use the address in the next stage of their exploit chain – probably gaining arbitrary code execution. This shows how memory leaks can be as important as code execution bugs since they make the RCEs reliable. As always, Microsoft offers no indication of how widespread these exploits may be, but considering the source, they are likely limited.

-    CVE-2026-21265 - Secure Boot Certificate Expiration Security Feature Bypass Vulnerability
While unlikely to be exploited, this bug could cause quite a bit of headaches for administrators. You will need to update the expiring certificates to continue receiving security updates or trusting new boot loaders. Again, the chances this CVE gets exploited are low. However, the chance this CVE gets ignored and devices using Secure Boot don’t receive patches is quite high. Also, this is listed as publicly known, but that just means Microsoft published information about this months ago.

-    CVE-2026-20952/202953 - Microsoft Office Remote Code Execution Vulnerability
Another month with Preview Pane exploit vectors in an Office bug. While we are still unaware of any exploitation of these bugs, they keep adding up. It’s only a matter of time until threat actors find a way to use these types of bugs in their exploits. If you are concerned about these, you can take the extra precaution of disabling the Preview Pane, which at least prevents exploitation without user interaction.

-    CVE-2026-20876 – Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
VBS is a newer security feature in Windows, and Virtual Trust Levels (VTL) serve as different privilege levels. VTL2 is currently the highest privileged level, and this bug allows attackers to escalate to VTL2. Microsoft doesn’t say if you need to be at VTL0 or VTL1 to exploit this bug. As far as I can recall, this is the first VTL escalation bug patched within VBS. Microsoft lists this as CVSS 6.7, but I believe this is a scope change since you’re traversing VTL levels. Taking that into consideration makes the  CVSS score 8.2 (High).

Here’s the full list of CVEs released by Microsoft for January 2026:

CVE Title Severity CVSS Public Exploited Type CVE-2026-20805 Desktop Window Manager Information Disclosure Vulnerability Important 5.5 No Yes Info CVE-2023-31096 * MITRE: CVE-2023-31096 Windows Agere Soft Modem Driver Elevation of Privilege Vulnerability Important 7.8 Yes No EoP CVE-2026-21265 † Secure Boot Certificate Expiration Security Feature Bypass Vulnerability Important 6.4 Yes No SFB CVE-2024-55414 * Windows Motorola Soft Modem Driver Elevation of Privilege Vulnerability Important 7.8 Yes* No EoP CVE-2026-20955 Microsoft Excel Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2026-20957 Microsoft Excel Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2026-20952 Microsoft Office Remote Code Execution Vulnerability Critical 8.4 No No RCE CVE-2026-20953 Microsoft Office Remote Code Execution Vulnerability Critical 8.4 No No RCE CVE-2026-20944 Microsoft Word Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2026-20822 Windows Graphics Component Elevation of Privilege Vulnerability Critical 7.8 No No EoP CVE-2026-20854 Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability Critical 7.5 No No RCE CVE-2026-20876 Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability Critical 6.7 No No EoP CVE-2026-21224 Azure Connected Machine Agent Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-21226 Azure Core shared client library for Python Remote Code Execution Vulnerability Important 7.5 No No RCE CVE-2026-20815 Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-20830 Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-21221 Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-20835 Capability Access Management Service (camsvc) Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-20851 Capability Access Management Service (camsvc) Information Disclosure Vulnerability Important 6.2 No No Info CVE-2026-20871 Desktop Windows Manager Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-20814 DirectX Graphics Kernel Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-20836 DirectX Graphics Kernel Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-20962 Dynamic Root of Trust for Measurement (DRTM) Information Disclosure Vulnerability Important 4.4 No No Info CVE-2026-20941 Host Process for Windows Tasks Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-21219 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability Important 7 No No RCE CVE-2026-20812 LDAP Tampering Vulnerability Important 6.5 No No Tampering CVE-2026-20842 Microsoft DWM Core Library Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-20946 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-20950 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-20956 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-20949 Microsoft Excel Security Feature Bypass Vulnerability Important 7.8 No No SFB CVE-2026-20943 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-20958 Microsoft SharePoint Information Disclosure Vulnerability Important 5.4 No No Info CVE-2026-20963 Microsoft SharePoint Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2026-20947 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2026-20951 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-20959 Microsoft SharePoint Server Spoofing Vulnerability Important 4.6 No No Spoofing CVE-2026-20803 † Microsoft SQL Server Elevation of Privilege Vulnerability Important 7.2 No No EoP CVE-2026-20847 Microsoft Windows File Explorer Spoofing Vulnerability Important 6.5 No No Spoofing CVE-2026-20948 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-20872 NTLM Hash Disclosure Spoofing Vulnerability Important 6.5 No No Spoofing CVE-2026-20925 NTLM Hash Disclosure Spoofing Vulnerability Important 6.5 No No Spoofing CVE-2026-20821 Remote Procedure Call Information Disclosure Vulnerability Important 6.2 No No Info CVE-2026-20826 Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability Important 7.8 No No EoP CVE-2026-20827 Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-20829 TPM Trustlet Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-20811 Win32k Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-20863 Win32k Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-20920 Win32k Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-20965 Windows Admin Center Elevation of Privilege Vulnerability Important 7.5 No No EoP CVE-2026-20810 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-20831 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-20860 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-20839 Windows Client-Side Caching (CSC) Service Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-20844 Windows Clipboard Server Elevation of Privilege Vulnerability Important 7.4 No No EoP CVE-2026-20857 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-20940 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-20820 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-20864 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-0386 † Windows Deployment Services Remote Code Execution Vulnerability Important 7.5 No No RCE CVE-2026-20817 Windows Error Reporting Service Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-20808 Windows File Explorer Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-20823 Windows File Explorer Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-20932 Windows File Explorer Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-20937 Windows File Explorer Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-20939 Windows File Explorer Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-20804 Windows Hello Tampering Vulnerability Important 7.7 No No Tampering CVE-2026-20852 Windows Hello Tampering Vulnerability Important 7.7 No No Tampering CVE-2026-20929 Windows HTTP.sys Elevation of Privilege Vulnerability Important 7.5 No No EoP CVE-2026-20825 Windows Hyper-V Information Disclosure Vulnerability Important 4.4 No No Info CVE-2026-20816 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-20849 Windows Kerberos Elevation of Privilege Vulnerability Important 7.5 No No EoP CVE-2026-20833 † Windows Kerberos Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-20818 Windows Kernel Information Disclosure Vulnerability Important 6.2 No No Info CVE-2026-20838 Windows Kernel Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-20809 Windows Kernel Memory Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-20859 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-20875 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability Important 7.5 No No DoS CVE-2026-20869 Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2026-20858 Windows Management Services Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-20861 Windows Management Services Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-20865 Windows Management Services Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-20866 Windows Management Services Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-20867 Windows Management Services Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-20873 Windows Management Services Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-20874 Windows Management Services Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-20877 Windows Management Services Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-20918 Windows Management Services Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-20923 Windows Management Services Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-20924 Windows Management Services Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-20862 Windows Management Services Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-20837 Windows Media Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-20936 Windows NDIS Information Disclosure Vulnerability Important 4.3 No No Info CVE-2026-20840 Windows NTFS Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-20922 Windows NTFS Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2026-20824 Windows Remote Assistance Security Feature Bypass Vulnerability Important 5.5 No No SFB CVE-2026-20832 Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-20828 Windows rndismp6.sys Information Disclosure Vulnerability Important 4.6 No No Info CVE-2026-20843 Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-20868 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2026-20856 Windows Server Update Service (WSUS) Remote Code Execution Vulnerability Important 8.1 No No RCE CVE-2026-20927 Windows SMB Server Denial of Service Vulnerability Important 5.3 No No DoS CVE-2026-20848 Windows SMB Server Elevation of Privilege Vulnerability Important 7.5 No No EoP CVE-2026-20919 Windows SMB Server Elevation of Privilege Vulnerability Important 7.5 No No EoP CVE-2026-20921 Windows SMB Server Elevation of Privilege Vulnerability Important 7.5 No No EoP CVE-2026-20926 Windows SMB Server Elevation of Privilege Vulnerability Important 7.5 No No EoP CVE-2026-20934 Windows SMB Server Elevation of Privilege Vulnerability Important 7.5 No No EoP CVE-2026-20834 Windows Spoofing Vulnerability Important 4.6 No No Spoofing CVE-2026-20931 Windows Telephony Service Elevation of Privilege Vulnerability Important 8 No No EoP CVE-2026-20938 Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-20819 Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability Important 5.5 No No Info CVE-2026-20935 Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability Important 6.2 No No Info CVE-2026-20853 Windows WalletService Elevation of Privilege Vulnerability Important 7.4 No No EoP CVE-2026-20870 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2026-0628 * Chromium: CVE-2026-0628 Insufficient policy enforcement in WebView tag High N/A No No SFB

* Indicates this CVE had been released by a third party and is now being included in Microsoft releases.

† Indicates further administrative actions are required to fully address the vulnerability.

 

Moving on to the other Critical-rated bugs in this month’s release, there are a couple of odd Excel vulns receiving patches. Initially, I though the Preview Pane would be involved, but it isn’t. In fact, it’s not clear what makes these Critical at all. That’s not true for the Word bug, where the Preview Pane is an attack vector. The bug in LSASS allows for code execution over a network, but you need to be authenticated. The final Critical bug is a privilege escalation involving GPU paravirtualization and could lead to local users executing code as SYSTEM. For some reason, I feel like we have just scratched the surface with GPU-related bugs.

Taking a look at the other code execution vulnerabilities in this month’s release, there’s the standard open-and-own bugs in Word and Excel. The SharePoint bugs require authentication, but almost every authenticated user will have the needed permissions. There is an interesting SharePoint bug reported by former ZDI analyst Piotr Bazydło. This one doesn’t require authentication but does require user interaction such as importing a malicious WSDL or opening a file. The bug in WSUS looks frightening, but it requires a machine-in-the-middle (MiTM) to exploit the issue. The two bugs in NTFS require authentication. The vuln in Azure Core requires an attacker to change a valid token to be malicious, which requires “developer-type authentication” – whatever that means.

The final code execution bug for January requires extra steps for remediation. Microsoft is removing the hands-free deployment feature of Windows Deployment Services. This means you will need to audit your enterprise to find systems configured with hands-free deployments. From there, you’ll need to opt if for protection in the immediate future. You’ll also need to have a plan to migrate these systems to something other than hands free prior to Microsoft removing the feature in mid-2026.

Elevation of Privilege (EoP) bugs make up the vast majority of this release, but most simply lead to local attackers executing their code at SYSTEM-level privileges or administrative privileges. There are also quite a few bugs that allow attackers to move from Low to Medium integrity to escape AppContainer isolation. These bugs are mostly in the Windows Management Services. There is one bug that leads to “Kernel Memory Access” – whatever that means. There’s another bug that leads to change VTL levels, but this one only gets you VTL1 access. The bug in the Windows Admin Center (WAC) is interesting as it could allow attackers to gain local admin privileges on targeted WAC-managed machines within a tenant. This gives the attacker the ability to interact with other tenant’s applications and content. The bug in WalletService only leads to the privileges of the compromised user. That’s the same for the File Explorer bug. The bug in SQL Server allows an attacker to gain debugging privileges, including the ability to dump memory. As always, SQL admins will need to take extra steps for full remediation of this issue. The final EoP is actually from 2024. Microsoft doesn’t list this as public, but I do. There have already been press articles describing this vulnerability. The bug is in the Motorola Soft Modem drivers, which ship be default on supported Windows OS systems. It’s a deprecated piece of gear, so rather than fix the driver, Microsoft is simply removing the driver completely.

There are a couple of additional security feature bypass bugs to discuss. The first is in Excel, and it could allow attackers to bypass macro protections. It also requires some user interaction, so it’s not just an open-and-own bug. The bug in Remote Assistance allows attacker to evade Mark of the Web (MotW) protections.

There are quite a few information disclosure bug receiving fixes this month. Many only result in info leaks consisting of unspecified memory contents or memory addresses, but there are multiple exceptions. The bug in CamSvc discloses the ever popular “sensitive information”. Another CamSvc bug discloses the memory of the Capability Access Manager service. There are a couple of bugs that allow someone in VTL0 to view VTL1 data – again, a first as far as I know. Windows File Explorer has a few bugs that could disclose an address outside of a sandbox. That would certainly be useful for sandbox escapes. The bug in Kerberos doesn’t sound all that exciting, but it requires additional steps after installing the patch. The bug in TPM allows attacker to disclose “secrets or privileged information belonging to the user of the affected application.” The vulnerability in the Dynamic Root of Trust for Measurement (DRTM) component discloses cryptographic secrets. The Hyper-V bug is fascinating as it allows attackers to disclose data from a Guest VM to Hyper-V host server, bypassing the virtualization security boundary. Finally, the SharePoint info disclosure is interesting as it allows the exposure of data returned from outbound requests SharePoint makes on the attacker’s behalf. It’s like the attacker can use an affected system to perform reconnaissance on their behalf.

The January release contains five fixes for spoofing bugs, although some of the descriptions about the bugs themselves are quite obtuse. We can say the bug in SharePoint is a cross-site scripting (XSS) bug. Two of the bugs simply state that they allow spoofing over a network. The bugs in NTLM Hash Disclosure are least list the fact that user interaction is required.

Speaking of unclear descriptions, there are three bugs with the ever-ineffable Tampering impact. Two are in Windows Hello and allow “an unauthorized attacker to perform tampering locally.” That likely means they can abuse the Hello component to bypass it, but that’s not clearly stated. Similarly, the LDAP bug just states it could allow tampering over a network.

Finally, there are two denial-of-service bugs in SMB and LSASS. However, Microsoft provides no real information about these bugs, just that an attacker could use them to deny service over a network. At least they note the SMB bug requires authentication.

No new advisories are being released this month.

Looking Ahead

Assuming I survive Pwn2Own automotive and haven’t transformed into a giant piece of sushi, I’ll be back for the February release on the 10th. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!

As we ramp up to the premier automotive and charging station hacking competition, Pwn2Own Automotive 2026 in Tokyo, the Trend Micro Zero Day Initiative (ZDI) is providing a preliminary look at one of the main targets: the Alpitronic HYC50 High-Power Charger.

The HYC50 series represents the leading edge of fast-charging infrastructure, blending complex high-voltage power electronics with a robust, networked digital control system. For Pwn2Own contestants, the digital attack surface is often the most accessible path to a top-tier bounty. This post serves as a hardware identification primer, guiding researchers through the core components that make up the device's control and low-voltage sections.

This is strictly a hardware reconnaissance report. We encourage all participants to begin their deep-dive analysis ahead of the contest.

Section 1: The Development Hardware Enclosure

Participants in Pwn2Own Automotive 2026 will be provided with a modified hardware setup to simplify the research process. This setup isolates the low-voltage control and digital boards from the high-voltage power stack, allowing for safer and more focused analysis.

The following image shows the custom enclosure housing the core digital and communication components extracted from the larger HYC50 unit.

The low-voltage control and digital stack mounted in the custom development case. Note the external power inputs and clearly labeled network ports for easy connectivity.

This case contains the primary application processor, communication interfaces (Ethernet, CAN), and critical memory components that govern the charger's operation, payment, and network connectivity.  Additionally, you will find the touchscreen and NFC interfaces readily accessible on the front of the case.

Section 2: Core Digital Control Board (DCB)

The central brain of the Alpitronic HYC50 is the main digital control board. This PCB is responsible for managing the charger's state machine, handling OCPP (Open Charge Point Protocol) communication, managing user authentication, and orchestrating the power modules.  The main application processor and its memoires reside on a customized System On a Module (SOM) that attaches to the main board via a 200 pin SO-DIMM header. We’ll discuss the SOM specifically in the next section.

Top of the main Digital Control Board (DCB)

Bottom of the main Digital Control Board (DCB)

The DCB features several key components of interest to security researchers:

Component Functionality and additional information Power Line Communication Controller (PLC) Two PLC units provide communication to the vehicle. The RED Beet E 1.1 devices are utilized for this purpose. These are alternately known as SECC (Supply Equipment Communication Controllers). Ethernet Interfaces Two RJ45 Ethernet interfaces reside on the board. As these are located near a maintenance access hatch on the enclosure, the interfaces are intended to be used by installers and technicians to access the management interface of the charger. Local MPU An STM32G0B1 is utilized on the DCB, likely for real time control of the charging process. Note the possible JTAG header footprint nearby in the pictures below. SOM The main processor subsystem is located on a 208 pin SO-DIMM that can be plugged into the DCB. Connectors Near SOM The high-density connectors near the SOM interface the other boards of the system. This includes the touch screen LCD and the SIM card communications board. SOM Console Header There is a 4-pin unpopulated header on the DCB near the SOM socket. Silkscreen reads “CON_SOM_UART”, suggesting a console port. Its operational status is unknown.

Close-up of the PLC controller

Ethernet interfaces for accessing the management interface

The SOM residing on the DCB along with the LCD and COMM board interfaces. Note the 4-pin header marked “CON_SOM_UART” in the upper left corner of the picture.

The local MPU (STM32G0B1) and possible test ports (missing conformal coating)

Section 3: SOM

The main processing components of the charger reside on a 208-pin module that is plugged into the DCB.  The module is custom, however it is heavily based on the VAR-SOM-6UL design produced by Variscite.   It is a variant that contains an eMMC device but appears to be lacking the Wi-Fi devices that a standard VAR-SOM-6UL is advertised with.  That’s not surprising because the radio functions of the charger are handled by a separate board.  Thus, it is very possible that this “custom” SOM is simply a cost-reduced version with some unneeded parts de-populated from the off-the-shelf version.

Top and Bottom views of the SOM (System On a Module)

The custom SOM features several key components of interest to security researchers:

Component Functionality and additional information Main SoC/CPU The primary processor, an i.MX6 (MCIMX6G2AVM07 AB). This runs the operating system (likely embedded Linux or a RTOS) and the core application code. DRAM/RAM Soldered DDR memory adjacent to the i.MX6 on the top side. Part number reads K4B4G1646E-BMMA, which translates to a 512MB DDR3L device. Flash Memory A surface-mounted eMMC Flash chip sits on the back side of the SOM. Part number reads SDINBDG4-8G-XI1 and is thus an 8GB device.

Main top side components. i.MX6 and DDR memory

Main bottom side component. SanDisk eMMC memory

Section 4: Communication Board (COMM)

The HYC50 relies on several interfaces for communication, and much of that capability is housed on the COMM board attached to the door of the enclosure.  This board is connected to the DCB through the single large connector. There appear to be two 4G LTE radios and they share the same antenna.  Two SIM card slots exist, possibly to support those radios.  There’s a third radio module that’s likely providing the Wi-Fi and Bluetooth functions on its separate antenna.  Thereis also a USB port, but it is not accessible from the outside of the enclosure.   Finally, this board appears to interface to the screen’s touch function while the display appears to fed by the DCB directly.  In addition to the board pictures, a picture of its arrangement in the charger’s enclosure will be included for clarity.

Top side of the communication board (COMM) showing two 4G LTE  controllers

Bottom side of the COMM board

HYC50 enclosure door layout

The COMM board  features several key components of interest to security researchers:

Component Functionality and additional information 4G LTE Radios Two QUECTEL EG915U-EU sharing an antenna. There are two SIM card slots as well. Wi-Fi/BT Radio Likely an ESP32-WROOM or ESP32-WROVER, based on the QR code shown and its package and pin count. NFC board Interface NFC board interfaces to the COMM board USB Port A type A USB port on the board. Not exposed outside the enclosure. Function unknown.

The 4G LTE module (lower left) and the Wi-Fi/BT module (upper right)

Section 5: Additional Observations

1)  The HYC50 is a mature product with documentation available online.  Do not neglect to search for documents that might assist your effort.  Installation and operational manuals exist in various locations.

2)  If you are one of the few who were approved to receive a development case for research, please be aware that these are custom, hand-built, experimental devices.  Before powering up, look/listen for any fasteners that may have come loose during shipping.   Correct those before applying power to the unit to avoid damage.

Conclusion

The Alpitronic HYC50 offers a rich and complex target for Pwn2Own researchers. This preliminary look identifies the core digital components, memory, and — crucially — the physical debug and manufacturing interfaces that may be leveraged for the contest.

We look forward to seeing the innovative research that will be brought to bear on the HYC50 at Pwn2Own Automotive 2026. Happy hunting, and may the bounty be ever in your favor!

Follow the team on Twitter, Mastodon, LinkedIn, or Bluesky for the latest in exploit techniques and security patches and visit the Pwn2Own Automotive 2026 page for rule updates and bounty lists.

In our previous Kenwood DNR1007XR blog, we detailed the internals of the Kenwood in-vehicle infotainment (IVI) head unit and provided annotated pictures of the main PCB. In this post, we aim to outline the attack surface of the DNR1007XR in the hopes of providing inspiration for vulnerability research.

We will cover the main supported technologies that present potential attack surfaces, such as USB, Bluetooth, Android Auto, Apple CarPlay, Kenwood apps, and more.

All information has been obtained through reverse engineering, experimenting, and combing through the following resources:

·      DNR1007XR product page
·      DNR1007XR instruction manual
·      DNR1007XR quick start guide
·      Kenwood Portal app
·      Kenwood Remote S app

USB

The DNR1007XR is equipped with a single USB-A port that operates at USB 2.0 speeds, providing the necessary interface for wired Android Auto and Apple CarPlay.

The USB port also supports playback of audio files from a USB flash drive. The supported audio filetypes and their associated extensions are:

·      MP3 (.mp3)
·      WMA (.wma)
·      AAC-LC (.m4a)
·      WAV (.wav)
·      FLAC (.flac, .fla)
·      Vorbis (.ogg)
·      DSD (.dsf, .dff)

As well as audio, a USB flash drive can also be used to play back video files. The supported video filetypes and their associated extensions are:

·      MPEG-1 (.mpg, .mpeg)
·      MPEG-2 (.mpg, .mpeg)
·      H.264 / MPEG-4 (.mp4, .m4v, .avi, .flv, .f4v)
·      WMV (.wmv)
·      MKV (.mkv)

Robustly parsing and decoding these file formats is notoriously complicated and error-prone, which makes for a potentially rewarding attack surface.

USB flash drives must be formatted as either FAT16, FAT32, exFAT, or NTFS for the head unit to be able to read them.

SD Card

A full-sized SD card slot is tucked away behind the screen and is used for audio/video playback as well as updating map data. As previously mentioned, a large attack surface is exposed when parsing audio and video files. Map updates are likely a good research target, too.

SD cards must be formatted as either FAT16, FAT32, exFAT, or NTFS for the head unit to be able to read them.

Bluetooth

Bluetooth version 5 is supported by the head unit and is used for making and receiving phone calls, as well as playing audio from a paired mobile phone. The following Bluetooth profiles are officially documented in the user manual:

·      Hands Free Profile v1.7
·      Serial Port Profile
·      Phonebook Access Profile
·      Audio/Video Remote Control Profile (AVRCP) v1.6
·      Advanced Audio Distribution Profile (A2DP)
o   Supporting codecs: SBC, AAC, or LDAC

Android Auto, Apple CarPlay, and the Kenwood apps also utilise Bluetooth in varying capacities.

Interrogating the unit shows a few more Bluetooth services that are not documented; these could be a great area to research. Judging by the service names, they may all be related to Kenwood apps.

Service Name: App0 Service RecHandle: 0x10003 Service Class ID List: UUID 128: 00001101-0000-1000-8000-00805f9b34fb Protocol Descriptor List: "L2CAP" (0x0100) "RFCOMM" (0x0003) Channel: 2 Service Name: App1 Service RecHandle: 0x10004 Service Class ID List: UUID 128: 00000000-deca-fade-deca-deafdecacaff Protocol Descriptor List: "L2CAP" (0x0100) "RFCOMM" (0x0003) Channel: 3 Service Name: App2 Service RecHandle: 0x10005 Service Class ID List: UUID 128: 4de17a00-52cb-11e6-bdf4-0800200c9a66 Protocol Descriptor List: "L2CAP" (0x0100) "RFCOMM" (0x0003) Channel: 4 Service Name: App3 Service RecHandle: 0x10006 Service Class ID List: UUID 128: 4de17a00-52cb-11e6-bdf4-0800200c9a66 Protocol Descriptor List: "L2CAP" (0x0100) "RFCOMM" (0x0003) Channel: 5 Service Name: App4 Service RecHandle: 0x10007 Service Class ID List: UUID 128: 4de17a00-52cb-11e6-bdf4-0800200c9a66 Protocol Descriptor List: "L2CAP" (0x0100) "RFCOMM" (0x0003) Channel: 6 Service Name: App5 Service RecHandle: 0x10008 Service Class ID List: UUID 128: 4de17a00-52cb-11e6-bdf4-0800200c9a66 Protocol Descriptor List: "L2CAP" (0x0100) "RFCOMM" (0x0003) Channel: 7

Wi-Fi

The head unit provides a WiFi access point that is primarily used for wireless Android Auto and Apple CarPlay. There is no intention for the end user to directly connect to this network and there is no officially documented way of acquiring the password. However, internal research has discovered multiple methods to obtain the password.

Once connected to the access point, the following ports are open:

·      TCP: 7000, 8086, 8888, 5355, 22
·      UDP: 67, 5353, 5355, 34613, 50842

TCP 22 is an SSH server and can be logged into. As per the competition rules, "If the entry leverages hardcoded credentials and/or exposed encryption keys, the entry must leverage an additional vulnerability to gain code execution to be in scope."

TCP 7000, 8086, and 8888 are all running non-standard services and are likely great places to research further.

Android Auto and Apple CarPlay

Both wired and wireless Android Auto and Apple CarPlay are supported without the need for a 3rd party app to be installed on the paired mobile phone. When using the wireless versions, the paired phone connects to the aforementioned secured WiFi network to establish a high-bandwidth channel for data to be sent and received.

When connecting using a USB cable, the WiFi network isn't used by Android Auto or Apple CarPlay, but it is still active.

Kenwood

Kenwood offers 2 Android/iOS apps to interface with the DNR1007XR. The first app is the Kenwood Portal App, which allows users to transfer photos from a mobile phone to the head unit over Bluetooth. The transferred photos can then be viewed as a slideshow on the head unit or be used as the wallpaper.

This presents an interesting attack surface, especially if the DNR1007XR itself performs any complex image handling tasks on the received images, such as resizing or converting between different image formats. The user-supplied images also need to be persisted to the head unit's filesystem, further expanding the attack surface.

The second app is the Kenwood Remote S app, which connects to the head unit over Bluetooth and allows for multimedia control such as selecting a radio station, skipping a track, and more. The Bluetooth Audio/Video Remote Control Profile (AVRCP) is designed for this exact task; however, no research was performed to confirm if the Remote S app takes advantage of AVRCP.

There are a few other Kenwood apps available, but they are not listed as supported on the DNR1007XR product page and therefore have not been explored.

Open Source Software

A list of open source licences can be viewed from the head unit by navigating to Settings -> System -> Open Source Licenses. There's no guarantee these open source projects are actually used by the unit.

Summary

We hope that this blog post has provided enough information about the DNR1007XR threat landscape to guide vulnerability research. Not every attack surface has been mentioned, and we encourage researchers to investigate further.

We are looking forward to Automotive Pwn2Own again in Tokyo in January 2026 at Automotive World, and we will see if IVI vendors have improved their product security. Don’t wait until the last minute to ask questions and register! We hope to see you there.

You can find me on Twitter @ByteInsight, and follow the team on Twitter, Mastodon, LinkedIn, or Bluesky for the latest in exploit techniques and security patches.

For the upcoming Pwn2Own Automotive contest, a total of 3 head units have been selected. One of these is the double DIN Kenwood DNR1007XR that offers a variety of functionality such as Android Auto, Apple CarPlay, USB media playback, wireless mirroring and more.

This blog post presents photos of the DNR1007XR including highlighting interesting internal components. A hidden debugging interface is also detailed which can be leveraged to obtain a shell.

Figure 1: Kenwood DNR1007XR

External

Tucked away behind the screen is a full-sized SD card slot that can be accessed by tilting the screen downwards. The SD card is used to play audio/video files as well as updating map data. This seems like an attack surface worth researching.

Figure 2: SD card slot

There's also a single USB port routed from the back of the unit that is used for:

·      Wired Android Auto
·      Wired Apple CarPlay
·      Audio playback
·      Video playback

Internal

Moving on to the internals, the DNR1007XR comprises multiple interconnected boards, with the most interesting board being located at the top of the unit. Removing a few screws and metal plates gives access to this board, which contains the main processor, eMMC, flash, and a Bluetooth / WiFi radio module.

Figure 3: Main board

Towards the center is the main Dolphin+ TCC8034 System on a Chip (SoC), which is marketed as an “IVI and Cluster solution” that supports running Android, Linux, and QNX. The SoC contains two 32-bit ARM cores and is running Linux. Last year's Kenwood target utilized a similar TCC8974 SoC; more information can be found here.

Figure 4: Dolphin+ TCC8034 SoC

Further to the right is a Kioxia THGBMJG7C2LBAU8 16GB eMMC chip which contains the main device firmware.

Figure 5: Kioxia eMMC

Below the eMMC chip and to the left is a Winbond 25Q256JVFM 256Mb serial flash chip that contains unknown data.

Figure 6: Winbond flash

Finally, to the left of the SoC is a Murata radio that handles Wi-Fi and Bluetooth operations. Searching around for the exact model number that's etched onto the radio's shielding doesn't return much information but the FCC documents for the DNR1007XR state that this is the Murata LBEE6ZZ1WD-334. This module has no public datasheet available and isn't listed on Murata's site.

Figure 7: Murata radio

Debug Connector

On the right edge of the main board is a suspicious-looking connector that lines up with a thin gap in the outer housing. This connector exposes a Linux login prompt over UART at 115200bps. Logging in with the correct credentials will spawn a shell.

Figure 8: Debug connector

Summary

Hopefully, this blog post provides enough information to kickstart vulnerability research against the DNR1007XR. Keep an eye out for another blog coming this Friday that covers the threat landscape of the DNR1007XR.

We are looking forward to Automotive Pwn2Own again in January 2026, and we will see if IVI vendors have improved their product security. We hope to see you there.

Until then, you can find me on Twitter @ByteInsight, and follow the team on Twitter, Mastodon, LinkedIn, or Bluesky for the latest in exploit techniques and security patches.

It’s the final patch Tuesday of 2025, but that doesn’t make it any less exciting. Put aside your holiday planning for just a moment as we review the latest security offering from Adobe and Microsoft. If you’d rather watch the full video recap covering the entire release, you can check it out here:

Adobe Patches for December 2025

For December, Adobe released five bulletins addressing 139 unique CVEs in Adobe Reader, ColdFusion, Experience Manager, Creative Cloud Desktop, and the Adobe DNG Software Development Kit (SDK). Don’t panic at that large of a CVE count. Most of those are simple cross-site scripting (XSS) bugs in Adobe Experience Manager. There are a few Critical-rated DOM-based XSS bugs in the mix, so don’t ignore this patch by any means – just don’t panic at the large number of CVEs. I wouldn’t panic over the update for ColdFusion either, but Adobe does set the deployment priority for this fix as 1. They note there are no known active attacks for the CVEs, but there are several arbitrary code execution bugs being fixed. Also, if you’re running ColdFusion, make sure you check out one of their lockdown guides. The one for ColdFusion 2025 can be found here.

The update for Adobe Reader is smaller than expected, with only two of the four CVEs addressed leading to code execution. Not that I’m complaining – I just expected more. The patch for the Adobe DNG Software Development Kit also fixes four CVEs, with one of those leading to code execution. Finally, the update for Creative Cloud Desktop fixes a single Important-rated bug.

None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release. Besides the fix for ColdFusion, all of the updates released by Adobe this month are listed as deployment priority 3.

Microsoft Patches for December 2025

Microsoft ends the year by releasing a paltry 56 new CVEs in Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Exchange Server, Azure, Copilot, PowerShell, and Windows Defender. One of these bugs came through the ZDI program. Of the patches released today, three are rated Critical while the rest are rated Important in severity. Counting the third-party Chromium updates listed in the release, it brings to total number of CVEs to 70.

Counting the CVEs released today, that being Microsoft’s total count to 1,139 CVEs patched in 2025. Again, this is not counting the numerous updates for Azure Linux and CBL Mariner released earlier this month as these should be considered Linux CVEs being applied to Azure properties. That makes 2025 the second-largest year in volume, trailing 2020 by a mere 111 CVEs. AS Microsoft’s portfolio continues to increase and as AI bugs become more prevalent, this number is likely to go higher in 2026.

Microsoft lists one bug under active attack, but two others as publicly known at the time of the release. Let’s take a closer look at some of the more interesting updates for this month, starting with the bug under active attack:

-    CVE-2025-62221 - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
This is the only bug listed as under active attack for this month, and – at least on the surface – looks similar to a bug patched in October. However, the bug back in October was a race condition where this is a Use After Free (UAF). It allows an attacker to perform a privilege escalation on an affected system. These types of bugs are often combined with a code execution bug to take over a system. It appears to affect every supported version of Windows, so if you must prioritize, this should be on the top of your list.

-    CVE-2025-62554/62557 - Microsoft Office Remote Code Execution Vulnerability
Here we are again, looking at two Office bugs where the Preview Pane is an attack vector. For those counting (like me), that makes 11 months in a row with a Critical-rated Office bug, including the Preview Pane as an attack vector. If you’re a Mac user, you are out of luck, as updates for Office LTSC for Mac 2021 and 2024 are not available. Let’s hope Microsoft gets those out before exploitation begins.

-    CVE-2025-62562 - Microsoft Outlook Remote Code Execution Vulnerability
At first glance, I thought this was another Preview Pane issue, but it isn’t. In fact, this is only rated Critical for SharePoint Enterprise Server 2016 – it’s rated Important for everything else. However, the CVSS is the same (7.8) for all affected platforms. For this bug, the attacker would need to convince a user to reply to a specially crafted email. It’s not clear why this is worse on SharePoint 2016, but if you are running this version in your enterprise, don’t skip this update.

-    CVE-2025-64671 - GitHub Copilot for Jetbrains Remote Code Execution Vulnerability
This is the bug listed as publicly known, and it’s a command injection bug in Copilot that allows an unauthorized user to execute their code on an affected system. It’s listed as local, but it’s likely that a remote attacker could socially engineer someone to trigger the command injection. By exploiting a malicious cross-prompt injection in untrusted files or Model Context Protocol (MCP) servers, an attacker could piggyback extra commands onto those permitted by the user’s terminal auto-approve settings, causing them to be executed without further confirmation. I expect we’ll see many more bugs like these in 2026.

Here’s the full list of CVEs released by Microsoft for December 2025:

CVE Title Severity CVSS Public Exploited Type CVE-2025-62221 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important 7.8 No Yes EoP CVE-2025-64671 GitHub Copilot for Jetbrains Remote Code Execution Vulnerability Important 8.4 Yes No RCE CVE-2025-54100 † PowerShell Remote Code Execution Vulnerability Important 7.8 Yes No RCE CVE-2025-62554 Microsoft Office Remote Code Execution Vulnerability Critical 8.4 No No RCE CVE-2025-62557 Microsoft Office Remote Code Execution Vulnerability Critical 8.4 No No RCE CVE-2025-62562 Microsoft Outlook Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2025-62572 Application Information Service Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-62550 Azure Monitor Agent Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-62463 DirectX Graphics Kernel Denial of Service Vulnerability Important 6.5 No No DoS CVE-2025-62465 DirectX Graphics Kernel Denial of Service Vulnerability Important 6.5 No No DoS CVE-2025-62573 DirectX Graphics Kernel Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2025-62552 Microsoft Access Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-62469 Microsoft Brokering File System Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2025-62569 Microsoft Brokering File System Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2025-62553 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-62556 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-62560 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-62561 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-62563 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-62564 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-64666 † Microsoft Exchange Server Elevation of Privilege Vulnerability Important 7.5 No No EoP CVE-2025-64667 † Microsoft Exchange Server Spoofing Vulnerability Important 5.3 No No Spoofing CVE-2025-62455 Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-64672 Microsoft SharePoint Server Spoofing Vulnerability Important 8.8 No No Spoofing CVE-2025-62555 Microsoft Word Remote Code Execution Vulnerability Important 7 No No RCE CVE-2025-62558 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-62559 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-62458 Win32k Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-62570 Windows Camera Frame Server Monitor Information Disclosure Vulnerability Important 7.1 No No Info CVE-2025-62466 Windows Client-Side Caching Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-62454 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-62457 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-62470 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-62468 Windows Defender Firewall Service Information Disclosure Vulnerability Important 4.4 No No Info CVE-2025-64670 Windows DirectX Information Disclosure Vulnerability Important 6.5 No No Info CVE-2025-64679 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-64680 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-62565 Windows File Explorer Elevation of Privilege Vulnerability Important 7.3 No No EoP CVE-2025-64658 Windows File Explorer Elevation of Privilege Vulnerability Important 7.5 No No EoP CVE-2025-62567 Windows Hyper-V Denial of Service Vulnerability Important 5.3 No No DoS CVE-2025-62571 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-55233 Windows Projected File System Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-62461 Windows Projected File System Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-62462 Windows Projected File System Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-62464 Windows Projected File System Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-62467 Windows Projected File System Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-62472 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-62474 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-62456 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-62473 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Important 6.5 No No Info CVE-2025-62549 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-64678 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important 8.8 No No EoP CVE-2025-64661 Windows Shell Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-59516 Windows Storage VSP Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-59517 Windows Storage VSP Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-64673 Windows Storage VSP Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-62223 * Microsoft Edge (Chromium-based) for Mac Spoofing Vulnerability Low 4.3 No No Spoofing CVE-2025-13630 * Chromium: CVE-2025-13630 Type Confusion in V8 High N/A No No RCE CVE-2025-13631 * Chromium: CVE-2025-13631 Inappropriate implementation in Google Updater High N/A No No RCE CVE-2025-13632 * Chromium: CVE-2025-13632 Inappropriate implementation in DevTools High N/A No No RCE CVE-2025-13633 * Chromium: CVE-2025-13633 Use after free in Digital Credentials High N/A No No RCE CVE-2025-13634 * Chromium: CVE-2025-13634 Inappropriate implementation in Downloads Medium N/A No No Info CVE-2025-13720 * Chromium: CVE-2025-13720 Bad cast in Loader Medium N/A No No SFB CVE-2025-13721 * Chromium: CVE-2025-13721 Race in v8 Medium N/A No No RCE CVE-2025-13635 * Chromium: CVE-2025-13635 Inappropriate implementation in Downloads Low N/A No No Info CVE-2025-13636 * Chromium: CVE-2025-13636 Inappropriate implementation in Split View Low N/A No No Info CVE-2025-13637 * Chromium: CVE-2025-13637 Inappropriate implementation in Downloads Low N/A No No Info CVE-2025-13638 * Chromium: CVE-2025-13638 Use after free in Media Stream Low N/A No No RCE CVE-2025-13639 * Chromium: CVE-2025-13639 Inappropriate implementation in WebRTC Low N/A No No Info CVE-2025-13640 * Chromium: CVE-2025-13640 Inappropriate implementation in Passwords Low N/A No No Info

* Indicates this CVE had been released by a third party and is now being included in Microsoft releases.

† Indicates further administrative actions are required to fully address the vulnerability.

 

Since we’ve already covered all of the Critical-rated CVEs, let’s move straight into looking at the other code execution bugs patched in the December release. As expected, most are Office-related open-and-own bugs where the Preview Pane is not an attack vector. There’s also the now ubiquitous bug in the RRaS service. There’s a bug in the Windows Resilient File System (ReFS) resulting from a heap overflow that could be reached over the network, but authentication is required. That’s similar to the bug in Azure Monitor. According to Microsoft, “An attacker with local network access to an Azure Linux Virtual Machine running Azure Monitor could exploit a heap overflow to escalate privileges to the syslog user, enabling execution of arbitrary commands.” The fix for the PowerShell bug is the other publicly known vulnerability this month and will require more than just a patch. The bug itself is a simple command injection, but after applying the update, when you use the Invoke-WebRequest command, you’ll receive a security warning message. You’ll also likely need to reboot after installing the patch, so make sure you complete that to fully address the vulnerability.

Moving on to the privilege escalation bugs receiving patches this month, most simply lead to SYSTEM-level code execution or administrative privileges if an authenticated user runs specially crafted code. The bug in Windows Shell could lead to elevating levels of code execution integrity – moving from Low to Medium integrity to escape AppContainer isolation. The vulnerability in RRAS requires an authenticated and domain-joined user, but it could allow an attacker to execute code on a target system. There’s an odd bug in the Brokering File System that’s listed as Elevation of Privilege, but it reads as a Denial of Service (DoS). A standard user could crash a system through a UAF. That sure does sound like a local DoS to me. Finally, there’s a bug in Exchange server that was reported by the National Security Agency (NSA). Microsoft says exploitation is unlikely, but NSA. It does seem like a fair amount of preparation is needed to exploit this bug, but NSA. Also, updates for Exchange Server 2016 and 2019 are not available as they are out of support. If you’re still using those you need to upgrade to the Extended Security Update (ESU) program.

Speaking of Exchange, there’s also a spoofing bug in the server that allows attackers to spoof the “From” email address displayed to the user. This bug was not reported by the NSA, but still, the UI misrepresentation could be used by attackers to spoof critical information. Kudos to Microsoft for deciding to fix the issue. The other spoofing bug corrected this month is in SharePoint and manifests as a cross-site scripting (XSS) bug.  

There are only four information disclosure bugs getting patched this month, and fortunately, all of these bugs only result in info leaks consisting of unspecified memory contents or memory addresses. The bug in Windows Defender also requires the attacker to be a part of a specific user group.

The December release contains fixes for three Denial-of-Service (DoS) bugs, and their descriptions mirror what we saw in the November release. While they all state that an attacker could deny service over a network (or locally) to that component, the two DirectX Graphics Kernel bugs state they could be used by a low-privilege Hyper-V guest to cause a DoS on the Hyper-V environment. It’s not clear how this would occur, but it if you’re running Hyper-V, don’t overlook these patches.

No new advisories are being released this month.

Looking Ahead

We start the patch process again in 2026 on January 13, and I’ll be back then with my analysis and thoughts about the release. Until then, merry christmahanakwanzika, stay safe, happy patching, and may all your reboots be smooth and clean!

I’ve made it through Pwn2Own Ireland, and while many are celebrated those who served their country in the armed services, patch Tuesday stops for no one. So affix your poppy accordingly, and let’s take a look at the latest security offerings from Adobe and Microsoft. If you’d rather watch the full video recap covering the entire release, you can check it out here:

Adobe Patches for November 2025

For November, Adobe released eight bulletins addressing 29 unique CVEs in Adobe InDesign, InCopy, Photoshop, Illustrator, Illustrator Mobile, Substance 3D Stager, Format Plugins, and Adobe Pass. Nine of these CVEs were reported by Trend ZDI researcher Michel DePlante. He discovered the bugs fixed by the patch for Adobe Format Plugins. If you must prioritize, the update for InDesign fixes four Critical-rated bugs. All could lead to arbitrary code execution. The fix for Illustrator for iPad also fixes five Critical-rated code execution bugs. However, the update for Illustrator only has two code execution CVEs. It’s interesting to see the difference between the mobile and desktop versions. The patch for Photoshop addresses a single code execution bug. There are four Critical-rated code execution bugs fixed by the Substance 3D Stager update. The patch for InCopy corrects three code execution bugs. The final patch from Adobe this month fixes a privilege escalation bug in Adobe Pass.

Overall, this month’s Adobe release is (thankfully) not that exciting. None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release. All of the updates released by Adobe this month are listed as deployment priority 3.

Microsoft Patches for November 2025

This month, Microsoft took pity on patch managers around the world and released a mere 63 CVEs Windows and Windows Components, Office and Office Components, Microsoft Edge (Chromium-based), Azure Monitor Agent, Dynamics 365, Hyper-V, SQL Server, and the Windows Subsystem for Linux GUI. Of the patches released today, four are rated Critical and 59 are rated Important in severity. One of these CVEs came through the Trend ZDI program. Counting the third-party Chromium updates listed in the release, it brings to total number of CVEs to 68.

This release is a far cry from the 177 CVEs we saw last month, although I don’t think anyone will complain. That brings the total CVEs addressed by Microsoft so far this year to 1,084. This is not counting the numerous updates for Azure Linux and CBL Mariner released earlier this month, as these should be considered Linux CVEs being applied to Azure properties. This drop could also be due to the fact that this is the first month where Windows 10 is not receiving updates. We will see what December brings and how close we end up to the record total of CVEs set back in 2020.  

Microsoft lists one bug under active attack, but none are publicly known at the time of release. Let’s take a closer look at some of the more interesting updates for this month, starting with the bug under active attack:

-    CVE-2025-62215 - Windows Kernel Elevation of Privilege Vulnerability
This is the bug currently under exploit, but Microsoft offers no indication of the extent of the exploitation. It’s also interesting to note there’s a race condition here, and it shows that some race conditions are more reliable than others. Bugs like these are often paired with a code execution bug by malware to completely take over a system. If you must prioritize, this should be at the top of your list.

-    CVE-2025-62199 - Microsoft Office Remote Code Execution Vulnerability
Another month – another Office bug where the Preview Pane is an attack vector. Interestingly, Microsoft notes user interaction is required despite the Preview Pane, so it’s not clear how this would be exploited. Maybe if a user previews an attachment? Still, at this point, it’s time to consider disabling the Preview Pane in Office until Microsoft clears these bugs up.

-    CVE-2025-60709 - Windows Common Log File System (CLFS) Driver Elevation of Privilege Vulnerability
While this bug is not under active attack and simply leads to executing code as SYSTEM, I highlight this bug as CLFS has been exploited multiple times over the last few years. I will admit that I may have some recency bias with this as I just saw a presentation at the Countermeasure conference in Ottawa discussing CLFS exploitation. Still, the presentation showed how CLFS has been recently abused by threat actors.

 -    CVE-2025-62222 - Agentic AI and Visual Studio Code Remote Code Execution Vulnerability
While there have been a few bugs impacting CoPilot, this is the first bug specifically calling out Agentic AI with a code execution bug. Based on the description, exploitation of this vulnerability would not be trivial. However, with a little bit of social engineering, it could allow remote attackers to execute their code on a target GitHub repository. There are several bugs impacting CoPilot receiving patches this month, but this one stands out above the others. If you’re using Agentic AI, pay attention here, or you could find yourself dealing with something more than just AI hallucinations.

Here’s the full list of CVEs released by Microsoft for November 2025:

CVE Title Severity CVSS Public Exploited Type CVE-2025-62215 Windows Kernel Elevation of Privilege Vulnerability Important 7 No Yes EoP CVE-2025-60716 DirectX Graphics Kernel Elevation of Privilege Vulnerability Critical 7 No No EoP CVE-2025-62199 Microsoft Office Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2025-30398 † Nuance PowerScribe 360 Information Disclosure Vulnerability Critical 8.1 No No Info CVE-2025-62214 Visual Studio Remote Code Execution Vulnerability Critical 6.7 No No RCE CVE-2025-62222 Agentic AI and Visual Studio Code Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-59504 Azure Monitor Agent Remote Code Execution Vulnerability Important 7.3 No No RCE CVE-2025-47179 Configuration Manager Elevation of Privilege Vulnerability Important 6.7 No No EoP CVE-2025-59512 Customer Experience Improvement Program (CEIP) Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-60723 DirectX Graphics Kernel Denial of Service Vulnerability Important 6.3 No No DoS CVE-2025-59506 DirectX Graphics Kernel Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2025-62210 † Dynamics 365 Field Service (online) Spoofing Vulnerability Important 7.3 No No Spoofing CVE-2025-62211 † Dynamics 365 Field Service (online) Spoofing Vulnerability Important 8.7 No No Spoofing CVE-2025-60724 GDI+ Remote Code Execution Vulnerability Important 9.8 No No RCE CVE-2025-62453 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability Important 5 No No SFB CVE-2025-60710 Host Process for Windows Tasks Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-62206 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability Important 6.5 No No Info CVE-2025-59240 Microsoft Excel Information Disclosure Vulnerability Important 5.5 No No Info CVE-2025-60726 Microsoft Excel Information Disclosure Vulnerability Important 7.1 No No Info CVE-2025-60728 Microsoft Excel Information Disclosure Vulnerability Important 4.3 No No Info CVE-2025-62202 Microsoft Excel Information Disclosure Vulnerability Important 7.1 No No Info CVE-2025-60727 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-62200 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-62201 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-62203 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-62205 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-62216 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-60722 Microsoft OneDrive for Android Elevation of Privilege Vulnerability Important 6.5 No No EoP CVE-2025-62204 Microsoft SharePoint Remote Code Execution Vulnerability Important 8 No No RCE CVE-2025-59499 † Microsoft SQL Server Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2025-59514 Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-62449 Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability Important 6.8 No No SFB CVE-2025-62218 Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2025-62219 Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2025-60707 Multimedia Class Scheduler Service (MMCSS) Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-60708 Storvsp.sys Driver Denial of Service Vulnerability Important 6.5 No No DoS CVE-2025-60718 Windows Administrator Protection Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-60721 Windows Administrator Protection Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-60719 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2025-62213 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2025-62217 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2025-59513 Windows Bluetooth RFCOM Protocol Driver Information Disclosure Vulnerability Important 5.5 No No Info CVE-2025-59515 Windows Broadcast DVR User Service Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2025-60717 Windows Broadcast DVR User Service Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2025-60705 Windows Client-Side Caching Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-60709 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-60706 Windows Hyper-V Information Disclosure Vulnerability Important 5.5 No No Info CVE-2025-60704 Windows Kerberos Elevation of Privilege Vulnerability Important 7.5 No No EoP CVE-2025-62208 Windows License Manager Information Disclosure Vulnerability Important 5.5 No No Info CVE-2025-62209 Windows License Manager Information Disclosure Vulnerability Important 5.5 No No Info CVE-2025-60714 Windows OLE Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-60703 Windows Remote Desktop Services Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-59510 Windows Routing and Remote Access Service (RRAS) Denial of Service Vulnerability Important 5.5 No No DoS CVE-2025-60713 Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-60715 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important 8 No No RCE CVE-2025-62452 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important 8 No No RCE CVE-2025-59505 Windows Smart Card Reader Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-59508 Windows Speech Recognition Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2025-59509 Windows Speech Recognition Information Disclosure Vulnerability Important 5.5 No No Info CVE-2025-59507 Windows Speech Runtime Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2025-62220 † Windows Subsystem for Linux GUI Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-60720 Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-59511 Windows WLAN Service Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-12725 * Chromium: CVE-2025-12725 Out of bounds write in WebGPU High N/A No No RCE CVE-2025-12726 * Chromium: CVE-2025-12726 Inappropriate implementation in Views. High N/A No No RCE CVE-2025-12727 * Chromium: CVE-2025-12727 Inappropriate implementation in V8 High N/A No No RCE CVE-2025-12728 * Chromium: CVE-2025-12728 Inappropriate implementation in Omnibox Medium N/A No No RCE CVE-2025-12729 * Chromium: CVE-2025-12729 Inappropriate implementation in Omnibox Medium N/A No No RCE

* Indicates this CVE had been released by a third party and is now being included in Microsoft releases.

† Indicates further administrative actions are required to fully address the vulnerability.

 

Looking at the remaining Critical patches, the update for Nuance PowerScribe 360 stands out not for impact, but for servicing. To update to a non-affected version, you will need to either contact your Customer Success Manager (CSM) or Technical Support for the latest version. So much for “just patch”. There’s an elevation of privilege (EoP) in DirectX that could lead to SYSTEM privileges, but there’s no indication why this one is Critical while an identical one is Important. The final Critical patch for November addresses a command injection in Visual Studio. The only interesting thing here is that exploitation would require prompt injection, CoPilot Agent interaction, and triggering a build. That’s far from trivial, but I would love to see what sort of CoPilot interaction is required.

Moving on to the remaining code execution bugs, there are a half-dozen open-and-own in various Office components. In these cases, the Preview Pane is not an attack vector. The bug in Azure Monitor Agent sounds more severe than its Important rating. An unauthenticated attacker could execute their code on affected systems without user interaction. While it doesn’t fall into the realm of wormable, it definitely lands in the world of yikes. The bug in GDI+ also garners a yikes from me as it gets the highest CVSS rating this month at 9.8. An attacker could get code execution over the network without user interaction. GDI+ bugs typically involve viewing an image, but this bug could impact web services that “are parsing documents that contain a specially crafted metafile, without the involvement of a victim user.” The SharePoint bug is another deserialization bug – similar to the one we saw exploited in-the-wild back in July. This requires authentication, but in previous attacks, this type of bug was paired with an auth bypass to exploit affected systems. The bug in the Windows Subsystem for Linux GUI requires user interaction, but patching means updating from the command line versus installing a patch. Finally, there are a couple of bugs in the RRAS protocol, which always seem to have something fixed each month.

Looking at the privilege escalation bugs receiving patches this month, most simply lead to SYSTEM-level code execution or administrative privileges if an authenticated user runs specially crafted code. Others could lead to elevating levels of code execution integrity – moving from Low to Medium integrity or Medium to Local System for code execution. The EoP in Configuration Manager allows attackers to get configuration manager administrator privileges. The bugs in Administration Protection could allow an attack to bypass these protections and execute code as an administrator. There’s an interesting bug in OneDrive for Android that allows attackers to “gain unauthorized access to system resources,” which could then be used for further compromise. Finally, the patch for SQL Server corrects a SQL injection bug. The attacker would get the privileges of the process running the query, so if the query has elevated privileges, so does the attacker.

There are only two Security Feature Bypass (SFB) patches in November, and both have CoPilot as a component. One is a simple path traversal in the Visual Studio Code CoPilot Chat Extension. An attacker could use this to bypass file protections. The other bug is due to the improper validation of generative AI output by CoPilot on Visual Studio. This could also be used to bypass file protections.

There are only a few information disclosure bugs getting patched this month, and fortunately, the majority of these bugs only result in info leaks consisting of unspecified memory contents or memory addresses. The bug in Dynamics 365 (On-Premises) leaks the ever-elusive “sensitive information”. I should also point out that the bugs in License Manager were silently patched last month and are now being documented. I won’t shout from this soapbox for too long, but these are definitely a bad thing™ and should not be done.

The November release contains fixes for three Denial-of-Service (DoS) bugs, and their descriptions are somewhat – obtuse. While they all state that an attacker could deny service over a network (or locally) to that component, two of them state they could be used by a low-privilege Hyper-V guest to cause a DoS on the Hyper-V environment. It’s not clear how this would occur, but it if you’re running Hyper-V, don’t overlook these patches.

Finally, there are two spoofing bugs in Dynamics 365 Field Service (online) that manifest as cross-site scripting (XSS) bugs. Of course, a simple patch won’t fix these. Instead, you’ll need to go to the Power Platform admin center and apply the updates from there.

No new advisories are being released this month. However, there was an update to the latest servicing stack updates ADV990001.

Looking Ahead

The final Patch Tuesday of 2025 will be on December 9, and I’ll be back then with my analysis and thoughts about the release. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!