Microsoft security advisories
60 threat alerts tracking vulnerabilities and security advisories that affect Microsoft products.
Vulnios monitors Microsoft CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent Microsoft security news in one place, or click into an individual alert for full detail.
GigaWiper: Anatomy of a destructive backdoor assembled from multiple malware
GigaWiper is a destructive backdoor that combines multiple wiping and ransomware-like capabilities into a single operational platform. This blog analyzes how the malware incorporates code from several
criticalUSN-8507-1: Linux kernel (NVIDIA) vulnerabilities
It was discovered that some AMD processors did not properly clear data in the floating point divider unit during speculative execution. A local attacker could use this to expose sensitive information.
criticalCVE-2025-54505Chromium: CVE-2026-14144 Incorrect security UI in Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-14144Chromium: CVE-2026-13930 Insufficient policy enforcement in Actor
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-13930Chromium: CVE-2026-13891 Insufficient validation of untrusted input in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-13891Chromium: CVE-2026-14149 Use after free in Audio
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-14149Chromium: CVE-2026-13984 Incorrect security UI in TabStrip
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-13984Chromium: CVE-2026-14098 Inappropriate implementation in CSS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-14098Chromium: CVE-2026-14076 Policy bypass in Network
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-14076Chromium: CVE-2026-14023 Insufficient validation of untrusted input in SanitizerAPI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-14023Chromium: CVE-2026-14006 Use after free in Navigation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-14006Chromium: CVE-2026-13837 Inappropriate implementation in CSS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-13837Chromium: CVE-2026-14150 Insufficient validation of untrusted input in Speech
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-14150CVE-2026-56646 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Exposure of sensitive information to an unauthorized actor in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
criticalCVE-2026-56646Chromium: CVE-2026-13821 Use after free in Canvas
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-13821Chromium: CVE-2026-14000 Inappropriate implementation in XML
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-14000Chromium: CVE-2026-14083 Insufficient validation of untrusted input in HTML
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-14083Chromium: CVE-2026-13848 Use after free in Forms
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-13848Chromium: CVE-2026-14121 Use after free in Chromoting
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-14121Chromium: CVE-2026-13920 Insufficient validation of untrusted input in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-13920Chromium: CVE-2026-13925 Inappropriate implementation in Downloads
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-13925Chromium: CVE-2026-14071 Side-channel information leakage in WebAudio
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-14071CVE-2026-58286 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
criticalCVE-2026-58286Chromium: CVE-2026-14132 Inappropriate implementation in WebXR
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-14132Chromium: CVE-2026-13988 Inappropriate implementation in Paint
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-13988Chromium: CVE-2026-14030 Incorrect security UI in SplitView
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-14030CVE-2026-58297 Microsoft Edge for Android Information Disclosure Vulnerability
Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network.
criticalCVE-2026-58297Chromium: CVE-2026-14064 Use after free in PageInfo
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-14064Chromium: CVE-2026-14046 Inappropriate implementation in CustomTabs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-14046Chromium: CVE-2026-14001 Inappropriate implementation in Network
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-14001Chromium: CVE-2026-13962 Insufficient data validation in PDF
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-13962Chromium: CVE-2026-14135 Insufficient validation of untrusted input in Network
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-14135CVE-2026-57992 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
criticalCVE-2026-57992Chromium: CVE-2026-14118 Insufficient data validation in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-14118CVE-2026-57981 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
criticalCVE-2026-57981CVE-2026-26145 Microsoft Azure Synapse Elevation of Privilege Vulnerability
Improper access control in Azure Synapse allows an authorized attacker to elevate privileges over a network.
criticalCVE-2026-26145Chromium: CVE-2026-13956 Incorrect security UI in PageInfo
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-13956Chromium: CVE-2026-14024 Use after free in Ozone
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-14024CVE-2026-57988 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Relative path traversal in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
criticalCVE-2026-57988Chromium: CVE-2026-14078 Policy bypass in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-14078Chromium: CVE-2026-14033 Insufficient policy enforcement in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-14033Chromium: CVE-2026-13832 Use after free in Headless
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-13832Chromium: CVE-2026-13931 Inappropriate implementation in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-13931Chromium: CVE-2026-13954 Insufficient policy enforcement in XML
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-13954Chromium: CVE-2026-14054 Insufficient policy enforcement in Network
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-14054Chromium: CVE-2026-13817 Insufficient validation of untrusted input in Glic
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-13817Chromium: CVE-2026-13963 Inappropriate implementation in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-13963Chromium: CVE-2026-13838 Inappropriate implementation in CSS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-13838CVE-2026-57975 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
criticalCVE-2026-57975Chromium: CVE-2026-13800 Inappropriate implementation in Updater
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-13800Chromium: CVE-2026-13796 Integer overflow in Chromecast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-13796Chromium: CVE-2026-13966 Inappropriate implementation in History
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-13966Chromium: CVE-2026-13811 Use after free in IME
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-13811CVE-2026-58299 Microsoft Edge for Android Remote Code Execution Vulnerability
Time-of-check time-of-use (toctou) race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network.
criticalCVE-2026-58299Chromium: CVE-2026-14113 Use after free in Updater
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-14113Chromium: CVE-2026-13869 Use after free in Device
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-13869Chromium: CVE-2026-14013 Inappropriate implementation in SVG
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-14013Chromium: CVE-2026-13882 Inappropriate implementation in USB
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-13882Chromium: CVE-2026-13960 Inappropriate implementation in Passwords
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-13960Chromium: CVE-2026-14018 Use after free in Updater
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
criticalCVE-2026-14018
Showing the 60 most recent. Older alerts are archived but still reachable via search and the main feed.
Track Microsoft exposure across your environment
Vulnios automatically cross-references your asset inventory against new Microsoft CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.
Start a free scan