Skip to main content

Microsoft

Vendor security scorecard – 787 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 2846
787
CVEs
56
Critical
497
High
1
KEV
31
PoC
27
Unpatched C/H
95.4%
Patch Rate
0.4%
Avg EPSS

Severity Breakdown

CRITICAL
56
HIGH
497
MEDIUM
212
LOW
17

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2026-56164 Privilege elevation in Microsoft SharePoint Server (Enterprise Server 2016, Server 2019, and Subscription Edition) lets an unauthenticated network attacker reach a security-critical function that lacks any authentication check (CWE-306), gaining elevated privileges on the target farm. The flaw is confirmed actively exploited (CISA KEV) with publicly available exploit code, and its CVSS 3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N) reflects fully remote, unauthenticated exploitation with high confidentiality, integrity, and availability impact. Microsoft has released a patch via MSRC. CRITICAL 9.8 7.0% 127
KEV PoC
CVE-2026-58644 Remote code execution in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Server Subscription Edition) allows an unauthenticated network attacker to run arbitrary code on the server by submitting maliciously crafted serialized data (CWE-502). The CVSS 3.1 base score is 9.8 with a fully remote, no-interaction, no-privilege vector (AV:N/AC:L/PR:N/UI:N), placing it among the most severe SharePoint flaws. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but insecure-deserialization RCE in SharePoint has historically been a high-value target for rapid weaponization. CRITICAL 9.8 1.3% 85
PoC
CVE-2026-50522 Remote code execution in Microsoft SharePoint Server (2016, 2019, and Subscription Edition) lets an unauthenticated attacker run arbitrary code by sending a crafted serialized payload over the network. The flaw is an untrusted-data deserialization (CWE-502) rated CVSS 9.8 with PR:N/UI:N, meaning no credentials or user interaction are required. No public exploit identified at time of analysis, but the pre-auth network vector and SharePoint's long history as an attacker target make this a high-priority patch. CRITICAL 9.8 19.7% 74
CVE-2026-49798 Local privilege escalation in the Microsoft Windows Kernel allows an unauthorized attacker to gain elevated (SYSTEM-level) privileges by triggering a use-after-free condition (CWE-416) in kernel memory. The flaw affects a broad range of supported Windows client and server releases, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV. CRITICAL 9.3 2.2% 74
PoC
CVE-2026-49795 Local privilege escalation in the Windows Kernel lets an already-authenticated attacker corrupt kernel memory via a use-after-free (CWE-416) and gain full control of the host. The CVSS 3.1 vector (AV:L/PR:L, scope-changed with C:H/I:H/A:H) reflects a low-privileged local user escalating to SYSTEM-level compromise across a broad range of Windows 10, Windows 11, and Windows Server builds. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a patch. HIGH 8.8 1.8% 64
PoC
CVE-2026-50489 Local privilege escalation in the Windows Win32K kernel subsystem (CWE-122 heap-based buffer overflow) lets an already-authenticated low-privileged attacker corrupt kernel heap memory and gain SYSTEM-level control across a broad range of Windows client and server releases. The flaw carries a CVSS 3.1 base score of 8.8 with a changed scope (S:C), reflecting that a user-mode process can compromise the kernel security boundary. It was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis. HIGH 8.8 0.4% 64
PoC
CVE-2020-37254 Wondershare PDFelement 5.2.9 contains a privilege escalation vulnerability due to an unquoted service path in the WsAppService Windows service. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available. HIGH 8.5 0.1% 63
PoC No patch
CVE-2016-20091 Windows Firewall Control 4.8.6.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by inserting malicious executables in the service path. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available. HIGH 8.5 0.1% 63
PoC No patch
CVE-2026-58583 Local privilege escalation in the FluxInk (formerly Sunia SPB Peripheral) Color Management Driver TcnPeripheral64.sys version 1.0.7.2 lets a standard user map arbitrary physical memory via the \Device\PhysicalMemory object and gain kernel-level control. The flaw affects Lenovo systems shipping this signed color-management driver and is fixed in version 1.0.7.6. Publicly available exploit code exists; there is no public exploit identified as actively exploited (not in CISA KEV), though the vulnerability was reported by CISA (cisa-cg). HIGH 8.4 0.1% 62
PoC
CVE-2026-54128 Local code execution in the Windows DHCP Client service stems from a use-after-free (CWE-416) memory-corruption flaw affecting a broad range of Windows 10, Windows 11, and Windows Server releases (Server 2012 through Server 2025). Per the CVSS vector an unauthenticated attacker with local access can achieve high-impact code execution with no user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; Microsoft has released a patch through the MSRC update guide. HIGH 8.4 0.3% 62
PoC
CVE-2026-54992 Local code execution in the Microsoft Message Queuing (MSMQ) Queue Manager affects a broad range of Windows client and server releases from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. A heap-based buffer overflow (CWE-122) lets an attacker who can reach the local MSMQ service run arbitrary code with high confidentiality, integrity, and availability impact; the CVSS 3.1 base score is 8.4 with a local attack vector but no privileges or user interaction required. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the vendor (Microsoft) has released a patch. HIGH 8.4 0.4% 62
PoC
CVE-2026-50518 Remote code execution in the Microsoft Windows DHCP Server role allows an unauthenticated network attacker to run arbitrary code by triggering a heap-based buffer overflow (CWE-122) in the service's packet handling. The flaw carries a critical CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) and affects Windows Server 2012 through 2025 as well as the underlying Windows 10 1607/1809 code base. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but the unauthenticated network RCE profile makes it a high-priority patch. CRITICAL 9.8 7.4% 61
CVE-2026-55040 Security feature bypass in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Server Subscription Edition) lets a network-based, unauthenticated attacker defeat a weak-authentication protection mechanism (CWE-1390) to gain high-impact access to confidentiality and integrity. Rated CVSS 9.1 with no attacker privileges or user interaction required, this is a serious pre-authentication issue in a widely deployed collaboration platform. Microsoft has published a fix, and there is no public exploit identified at time of analysis. CRITICAL 9.1 0.7% 61
CVE-2026-50655 Local code execution in the Windows Media component of supported Windows 10, Windows 11, and Windows Server (2016 through 2025) releases lets an unauthorized attacker run arbitrary code when a victim opens a maliciously crafted media file. The flaw is a heap-based buffer overflow (CWE-122) reported by Microsoft with a vendor patch available; there is no public exploit identified at time of analysis. CVSS is 7.8 (High), driven by full confidentiality, integrity, and availability impact but gated by local vector and required user interaction. HIGH 7.8 0.5% 59
PoC
CVE-2026-50423 Local privilege escalation in the Microsoft Windows Kernel allows an already-authenticated attacker to elevate to SYSTEM-level privileges across a wide range of Windows 10, Windows 11, and Windows Server builds. The flaw stems from improper access control (CWE-284) in kernel-mode code and requires local low-privileged access with no user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the trivial attack complexity and SYSTEM-level impact make it a standard patch-Tuesday priority. HIGH 7.8 2.5% 59
PoC

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy