CVE-2025-58160 Tracing logging user input may result in poisoning logs with ANSI escape sequences

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58160

CVE-2026-27171 zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27171

CVE-2026-27141 Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27141

CVE-2026-27138 Panic in name constraint checking for malformed certificates in crypto/x509

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27138

CVE-2026-27137 Incorrect enforcement of email constraints in crypto/x509

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27137

CVE-2026-3494 MariaDB Server Audit Plugin Comment Handling Bypass

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3494

CVE-2026-3381 Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3381

CVE-2026-31802 node-tar Symlink Path Traversal via Drive-Relative Linkpath

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-31802

CVE-2026-26018 CoreDNS Loop Detection Denial of Service Vulnerability

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26018

CVE-2026-26017 CoreDNS ACL Bypass

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26017

Chromium: CVE-2026-3909 Out of bounds write in Skia

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information. Google is aware that an exploit for CVE-2026-3909 exists in the wild.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3909

CVE-2026-4105 Systemd: systemd: privilege escalation via improper access control in registermachine d-bus method

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-4105

CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2673

CVE-2026-4111 Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-4111

CVE-2026-23942 SFTP root escape via component-agnostic prefix check in ssh_sftpd

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23942

CVE-2026-32777

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32777

CVE-2026-32778

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32778

CVE-2026-32776

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32776

CVE-2026-32249 NFA regex engine NULL pointer dereference affects Vim < 9.2.0137

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32249

CVE-2025-69648

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-69648

CVE-2025-69647

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-69647