Common Vulnerabilities and Exposures (CVE)

CVE-2026-42826

May 20, 2026 23:29:17 UTC

Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network.

CVE-2026-35435

May 20, 2026 23:29:17 UTC

Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-35428

May 20, 2026 23:29:16 UTC

Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-34327

May 20, 2026 23:29:16 UTC

Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-33844

May 20, 2026 23:29:15 UTC

Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.

CVE-2026-33823

May 20, 2026 23:29:14 UTC

Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.

CVE-2026-26164

May 20, 2026 23:29:14 UTC

Improper neutralization of special elements in output used by a downstream component ('injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-33111

May 20, 2026 23:29:13 UTC

Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.

CVE-2026-26129

May 20, 2026 23:29:13 UTC

Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-42822

May 20, 2026 23:29:11 UTC

Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-45495

May 20, 2026 23:29:10 UTC

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVE-2026-45494

May 20, 2026 23:29:10 UTC

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2026-45492

May 20, 2026 23:29:09 UTC

Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-33821

May 20, 2026 23:29:08 UTC

Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.

CVE-2026-42893

May 20, 2026 23:29:08 UTC

Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.