CVE-2026-26018 CoreDNS Loop Detection Denial of Service Vulnerability

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26018

CVE-2026-26017 CoreDNS ACL Bypass

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26017

Chromium: CVE-2026-3909 Out of bounds write in Skia

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information. Google is aware that an exploit for CVE-2026-3909 exists in the wild.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3909

CVE-2026-4105 Systemd: systemd: privilege escalation via improper access control in registermachine d-bus method

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-4105

CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2673

CVE-2026-4111 Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-4111

CVE-2026-23942 SFTP root escape via component-agnostic prefix check in ssh_sftpd

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23942

CVE-2026-32777

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32777

CVE-2026-32778

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32778

CVE-2026-32776

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32776

CVE-2026-32249 NFA regex engine NULL pointer dereference affects Vim < 9.2.0137

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32249

CVE-2025-69648

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-69648

CVE-2025-69647

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-69647

CVE-2026-23943 Pre-auth SSH DoS via unbounded zlib inflate

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23943

CVE-2026-23941 Request smuggling via first-wins Content-Length parsing in inets httpd

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23941

CVE-2026-32775

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32775

CVE-2026-23069 vsock/virtio: fix potential underflow in virtio_transport_get_credit()

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23069

CVE-2026-1703 Limited path traversal when installing wheel archives

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-1703

CVE-2026-23066 rxrpc: Fix recvmsg() unconditional requeue

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23066

CVE-2025-71239 audit: add fchmodat2() to change attributes class

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71239

CVE-2026-23241 audit: add missing syscalls to read class

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23241