Microsoft

Microsoft has a medium-severity information disclosure vulnerability (CVSS 4.3) that can be exploited remotely by an unauthenticated attacker through a network connection, requiring only user interaction such as clicking a link. The vulnerability results in limited confidentiality impact with no ability to modify or disable systems. Security teams should monitor for patches in the June 2026 timeframe and watch for any exploit activity targeting users who may click malicious links, though the limited severity suggests this is not an immediate critical threat.