Microsoft May 2026 Patch Tuesday Addresses 137 Vulnerabilities
Microsoft has released its May 2026 security updates, addressing 137 vulnerabilities, including 30 rated as critical.
Microsoft has released its May 2026 security updates, addressing 137 vulnerabilities across its product ecosystem. While none of these vulnerabilities are currently known to be exploited in the wild, the release is significant due to the high volume of critical-rated flaws, with 30 vulnerabilities classified as critical and 14 earning a CVSS severity rating of 9.0 or higher [Rapid7][The Register].
The vulnerabilities affect a wide range of Windows components. Security teams are urged to prioritize remediation of [CVE-2026-41089], a critical stack-based buffer overflow in Windows Netlogon. With a CVSS v3 base score of 9.8, successful exploitation allows an attacker to achieve remote code execution (RCE) with SYSTEM privileges on the domain controller [Rapid7].
In addition to the Patch Tuesday release, Microsoft has addressed 133 browser-related vulnerabilities so far this month, which are not included in the primary Patch Tuesday count [Rapid7]. Security professionals should prepare for continued large-scale patch releases, as Microsoft increasingly utilizes AI-driven tools to identify and address vulnerabilities [The Register].