MSRC Reports
Microsoft Security Response Center Reports
(Unofficial).

Reports usually come in bursts, because that's just how Microsoft releases them.
CVE-2026-23240 tls: Fix race condition in tls_sw_cancel_work_tx()

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23240
CVE-2026-23239 espintcp: Fix race condition in espintcp_close()

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23239
CVE-2026-3783 token leak with redirect and netrc

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3783
CVE-2026-25679 Incorrect parsing of IPv6 host literals in net/url

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25679
CVE-2025-61724 Excessive CPU consumption in Reader.ReadResponse in net/textproto

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61724
CVE-2025-58186 Lack of limit when parsing cookies can cause memory exhaustion in net/http

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58186
CVE-2025-61725 Excessive CPU consumption in ParseAddress in net/mail

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61725
CVE-2025-58183 Unbounded allocation when parsing GNU sparse map in archive/tar

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58183
CVE-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58188
CVE-2025-61727 Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61727
CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61729
CVE-2026-26133 M365 Copilot Information Disclosure Vulnerability

AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26133
CVE-2026-26030 GitHub: CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable

Acknowledgement added. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26030
CVE-2026-20841 Windows Notepad App Remote Code Execution Vulnerability

To comprehensively address CVE-2026-20841, Microsoft has released February 2026 security updates for the Windows Notepad App. Microsoft recommends that customers install the update to be fully protected from the vulnerability.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
CVE-2026-3805 use after free in SMB connection reuse

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3805
CVE-2026-21256 GitHub Copilot and Visual Studio Remote Code Execution Vulnerability

Changes made to the security updates links and information. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21256
CVE-2026-21257 GitHub Copilot and Visual Studio Elevation of Privilege Vulnerability

Changes made to the security updates links and information. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21257
CVE-2026-25172 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

The hotpatch has been re‑released to ensure comprehensive coverage across all affected scenarios. Customers are advised to apply the updated release to ensure full protection.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25172
CVE-2026-25173 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

The hotpatch has been re‑released to ensure comprehensive coverage across all affected scenarios. Customers are advised to apply the updated release to ensure full protection.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25173