Microsoft May 2026 Patch Tuesday Fixes 120 Flaws Including 17 Critical RCE Vulnerabilities

Microsoft released its May 2026 Patch Tuesday updates addressing 120 vulnerabilities, with no zero-day exploits disclosed this month.

Vulnerability Breakdown

The update includes 17 "Critical" severity flaws, consisting of 14 remote code execution vulnerabilities, 2 elevation of privilege issues, and 1 information disclosure flaw. The complete distribution across all severity categories includes:

61 Elevation of Privilege Vulnerabilities
31 Remote Code Execution Vulnerabilities
14 Information Disclosure Vulnerabilities
13 Spoofing Vulnerabilities
8 Denial of Service Vulnerabilities
6 Security Feature Bypass Vulnerabilities

Noteworthy Vulnerabilities

Microsoft Office applications received particular attention in this update. Numerous vulnerabilities in Microsoft Office, Word, and Excel that could lead to remote code execution were patched. These flaws can be exploited through malicious file attachments and preview pane interactions, prompting urgent update recommendations for users handling email attachments.

CVE-2026-35421 addresses a Windows GDI remote code execution flaw exploitable through malicious Enhanced Metafile files in Microsoft Paint.

CVE-2026-40365 covers a SharePoint Server vulnerability allowing authenticated attackers to execute remote code on servers.

CVE-2026-41096 involves a Windows DNS Client flaw where specially crafted DNS responses could enable remote code execution.

Additional Security Updates From Other Vendors

Beyond Microsoft's releases, other vendors deployed significant updates this cycle:

Adobe released patches for multiple products
AMD disclosed CPU cache vulnerability fixes
Apple updated macOS, iOS, and related platforms
Cisco released numerous security updates
Fortinet addressed critical FortiSandbox and FortiAuthenticator flaws
Google released Android security bulletin fixes
Ivanti patched exploited zero-day vulnerabilities
Mozilla updated Firefox
Palo Alto Networks warned of an actively exploited firewall authentication portal vulnerability

Recommendations

Organizations should prioritize applying patches for the Office and SharePoint vulnerabilities given their high exploitation likelihood, especially in environments where users routinely open email attachments.