Common Vulnerabilities and Exposures (CVE)

CVE-2026-26164

May 18, 2026 17:11:28 UTC

Improper neutralization of special elements in output used by a downstream component ('injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-33111

May 18, 2026 17:11:27 UTC

Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.

CVE-2026-26129

May 18, 2026 17:11:26 UTC

Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-45495

May 18, 2026 17:11:26 UTC

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVE-2026-45494

May 18, 2026 17:11:25 UTC

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2026-45492

May 18, 2026 17:11:24 UTC

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE-2026-33821

May 18, 2026 17:11:24 UTC

Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.

CVE-2026-42893

May 18, 2026 17:11:23 UTC

Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.

Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-40416

May 18, 2026 17:11:22 UTC

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-42833

May 18, 2026 17:11:21 UTC

Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

CVE-2026-42832

May 18, 2026 17:11:20 UTC

Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.

CVE-2026-42830

May 18, 2026 17:11:19 UTC

Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

CVE-2026-42823

May 18, 2026 17:11:19 UTC

Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.

CVE-2026-41613

May 18, 2026 17:11:18 UTC

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

Page: 2