CVE-2026-40372 ASP.NET Core Elevation of Privilege Vulnerability
Published April 22, 2026
Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.
Microsoft Security Response Center Blog Alerts
CVE-2026-26168 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published April 22, 2026
Acknowledgement added. This is an informational change only.
CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar
Published April 22, 2026
Information published.
CVE-2026-41254
Published April 22, 2026
Information published.
CVE-2026-32077 Windows UPnP Device Host Elevation of Privilege Vulnerability
Published April 22, 2026
Added Security Only packages to Windows Server 2012 security updates. This is an informational change only.
CVE-2026-21523 GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability
Published April 22, 2026
Added acknowledgements. This is an informational change only.
Chromium: CVE-2026-6362 Use after free in Codecs
Published April 19, 2026
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.
Chromium: CVE-2026-6297 Use after free in Proxy
Published April 19, 2026
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.
Chromium: CVE-2026-6296 Heap buffer overflow in ANGLE
Published April 19, 2026
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.
Chromium: CVE-2026-6364 Out of bounds read in Skia
Published April 19, 2026
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.
