Common Vulnerabilities and Exposures (CVE)

CVE-2026-41105

May 15, 2026 17:13:43 UTC

Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network.

CVE-2026-42826

May 15, 2026 17:13:42 UTC

Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network.

CVE-2026-35435

May 15, 2026 17:13:41 UTC

Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-35428

May 15, 2026 17:13:41 UTC

Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-34327

May 15, 2026 17:13:40 UTC

Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-33844

May 15, 2026 17:13:39 UTC

Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.

CVE-2026-33823

May 15, 2026 17:13:39 UTC

Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.

CVE-2026-26164

May 15, 2026 17:13:38 UTC

Improper neutralization of special elements in output used by a downstream component ('injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-33111

May 15, 2026 17:13:37 UTC

Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.

CVE-2026-26129

May 15, 2026 17:13:36 UTC

Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-33821

May 15, 2026 17:13:35 UTC

Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.

CVE-2026-42893

May 15, 2026 17:13:34 UTC

Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.

Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-40416

May 15, 2026 17:13:33 UTC

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-42833

May 15, 2026 17:13:33 UTC

Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

Page: 2