Common Vulnerabilities and Exposures (CVE)
CVE-2026-21529
Improper neutralization of input during web page generation ('cross-site scripting') in Azure HDInsights allows an authorized attacker to perform spoofing over a network.
CVE-2026-21537
Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.
CVE-2026-21510
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21531
Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.
CVE-2026-21528
Binding to an unrestricted ip address in Azure IoT SDK allows an unauthorized attacker to disclose information over a network.
CVE-2026-21527
User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-21522
Improper neutralization of special elements used in a command ('command injection') in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.
CVE-2026-0391
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-21513
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
CVE-2026-21229
Improper input validation in Power BI allows an authorized attacker to execute code over a network.
CVE-2026-21523
Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.