CVE-2026-20958: Microsoft SharePoint Information Disclosure Vulnerability

CVE-2026-20957: Microsoft Excel Remote Code Execution Vulnerability

CVE-2026-21226: Azure Core shared client library for Python Remote Code Execution Vulnerability

CVE-2026-20941: Host Process for Windows Tasks Elevation of Privilege Vulnerability

CVE-2026-20935: Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability

Time-of-check time-of-use (toctou) race condition in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Headline

CVE-2026-20831: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Microsoft Security Response Center: Latest News