Common Vulnerabilities and Exposures (CVE)

CVE-2026-21520

Jan 22, 2026 22:47:33 UTC

Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows an unauthenticated attacker to view sensitive information through a network attack vector

CVE-2026-21223

Jan 22, 2026 22:47:32 UTC

Microsoft Edge Elevation Service exposes a privileged COM interface that inadequately validates the privileges of the calling process. A standard (non‑administrator) local user can invoke the IElevatorEdge interface method LaunchUpdateCmdEl...

CVE-2026-21226

Jan 22, 2026 22:47:32 UTC

Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network.

CVE-2026-20941

Jan 22, 2026 22:47:31 UTC

Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.

CVE-2026-20958

Jan 22, 2026 22:47:30 UTC

Server-side request forgery (SSRF) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.

CVE-2026-20957

Jan 22, 2026 22:47:30 UTC

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-20952

Jan 22, 2026 22:47:29 UTC

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-20950

Jan 22, 2026 22:47:28 UTC

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-20949

Jan 22, 2026 22:47:28 UTC

Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.

CVE-2026-20948

Jan 22, 2026 22:47:27 UTC

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-20939

Jan 22, 2026 22:47:26 UTC

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

CVE-2026-20937

Jan 22, 2026 22:47:25 UTC

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

CVE-2026-20936

Jan 22, 2026 22:47:25 UTC

Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a physical attack.

CVE-2026-20935

Jan 22, 2026 22:47:24 UTC

Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unauthorized attacker to disclose information locally.

CVE-2026-20931

Jan 22, 2026 22:47:24 UTC

External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network.