CVE-2025-58186 Lack of limit when parsing cookies can cause memory exhaustion in net/http
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58186
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58186
CVE-2025-61725 Excessive CPU consumption in ParseAddress in net/mail
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61725
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61725
CVE-2025-58183 Unbounded allocation when parsing GNU sparse map in archive/tar
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58183
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58183
CVE-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58188
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58188
CVE-2025-61727 Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61727
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61727
CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61729
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61729
CVE-2026-26133 M365 Copilot Information Disclosure Vulnerability
Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26133
Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26133
CVE-2026-26030 GitHub: CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable
Acknowledgement added. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26030
Acknowledgement added. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26030
CVE-2026-20841 Windows Notepad App Remote Code Execution Vulnerability
To comprehensively address CVE-2026-20841, Microsoft has released February 2026 security updates for the Windows Notepad App. Microsoft recommends that customers install the update to be fully protected from the vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
To comprehensively address CVE-2026-20841, Microsoft has released February 2026 security updates for the Windows Notepad App. Microsoft recommends that customers install the update to be fully protected from the vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
CVE-2026-3805 use after free in SMB connection reuse
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3805
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3805
CVE-2026-3904
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3904
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3904
CVE-2026-21256 GitHub Copilot and Visual Studio Remote Code Execution Vulnerability
Changes made to the security updates links and information. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21256
Changes made to the security updates links and information. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21256
CVE-2026-21257 GitHub Copilot and Visual Studio Elevation of Privilege Vulnerability
Changes made to the security updates links and information. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21257
Changes made to the security updates links and information. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21257
CVE-2026-25172 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
The hotpatch has been re‑released to ensure comprehensive coverage across all affected scenarios. Customers are advised to apply the updated release to ensure full protection.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25172
The hotpatch has been re‑released to ensure comprehensive coverage across all affected scenarios. Customers are advised to apply the updated release to ensure full protection.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25172
CVE-2026-25173 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
The hotpatch has been re‑released to ensure comprehensive coverage across all affected scenarios. Customers are advised to apply the updated release to ensure full protection.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25173
The hotpatch has been re‑released to ensure comprehensive coverage across all affected scenarios. Customers are advised to apply the updated release to ensure full protection.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25173
CVE-2026-26111 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
The hotpatch has been re‑released to ensure comprehensive coverage across all affected scenarios. Customers are advised to apply the updated release to ensure full protection.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26111
The hotpatch has been re‑released to ensure comprehensive coverage across all affected scenarios. Customers are advised to apply the updated release to ensure full protection.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26111
Chromium: CVE-2026-3930 Unsafe navigation in Navigation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3930
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3930
CVE-2026-0385 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0385
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0385
Chromium: CVE-2026-3913 Heap buffer overflow in WebML
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3913
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3913
Chromium: CVE-2026-3914 Integer overflow in WebML
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3914
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3914
Chromium: CVE-2026-3916 Out of bounds read in Web Speech
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3916
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3916