May 2026 Patch Tuesday comes with fixes for 120 Vulnerabilities, no zero-days reported!

May arrives with warmer days, summer plans, and another important Patch Tuesday release from Microsoft. This month’s release fixes 120 vulnerabilities across Windows, Office, and other Microsoft products, with no publicly disclosed zero-days reported. The update includes several critical Remote Code Execution (RCE) and Elevation of Privilege flaws that could allow attackers to gain unauthorized access or execute malicious code on affected systems. Organizations should prioritize applying these updates to reduce security risks and strengthen their defenses against evolving cyber threats. Register for our free Patch Tuesday webinar and get expert insights as we break down this month’s Patch Tuesday updates, key vulnerabilities, and what they mean for your environment.

May 2026 Security Updates Lineup

• Total CVEs fixed: 120
• Critical vulnerabilities: 16

Affected Products, Features, and Roles

Security updates have been released for several critical Microsoft products, including:

• Windows Kernel
• Microsoft Office
• Microsoft Office SharePoint
• SQL Server
• .NET and Visual Studio
• Microsoft Edge
• Azure-related services and components

To view the complete list of affected products, features, and roles, please refer to the MSRC Release Notes.

Vulnerability Breakdown

Patch Tuesday wouldn’t be complete without a breakdown of the vulnerability types. Here’s how this month’s vulnerabilities are distributed:

• Elevation of Privilege Vulnerabilities (58): Attackers could gain admin-level access from a normal user account and take greater control of the system.
• Remote Code Execution Vulnerabilities (29): Attackers could run harmful code on a system remotely, often without needing direct access to the device.
• Information Disclosure Vulnerabilities (9): Sensitive information like credentials or system data could be exposed to unauthorized users.
• Denial of Service Vulnerabilities (8): Attacks that halt services, causing significant disruption.
• Spoofing Vulnerabilities (7): Attackers may pretend to be a trusted user or service to mislead users or gain unauthorized access.
• Security Feature Bypass Vulnerabilities (6): These flaws may let attackers get around built-in security protections and avoid certain defenses.
• Tampering (3): Attackers could modify data, files, or configurations in an unauthorized way, potentially impacting system integrity.

Third-party Security Updates

Several vendors have issued critical security patches this month:

• Adobe released security patches for multiple Creative Cloud and Commerce products.
• AMD fixed a privilege escalation flaw affecting Zen 2-based processors.
• Apple issued security updates across macOS, iOS, iPadOS, watchOS, visionOS, and tvOS.
• Cisco patched multiple vulnerabilities, including a denial-of-service flaw.
• Fortinet addressed two critical flaws in FortiSandbox and FortiAuthenticator.
• Google released Android May updates fixing 10 vulnerabilities.
• Ivanti fixed an actively exploited remote code execution flaw in Endpoint Manager Mobile.
• Mozilla patched five security vulnerabilities in Firefox.
• Palo Alto Networks warned of an actively exploited PAN-OS zero-day vulnerability.
• SAP released fixes for multiple high-severity and critical vulnerabilities.
• vm2 patched a critical vulnerability in its Node.js sandboxing library.

May arrives with brighter days, but the threat landscape shows no signs of clearing. Organizations are encouraged to review this month's updates and apply the necessary patches promptly to maintain a secure and resilient environment. With Endpoint Central, Patch Manager Plus, and Vulnerability Manager Plus, you can streamline the entire patch management process: from testing patches to deploying them to mitigating vulnerabilities effectively. You can also tailor patch tasks according to your enterprise needs.

Register now for our free Patch Tuesday webinar to gain more insights about these Patch Tuesday Updates. Our experts will provide in-depth analysis of the updates, share best practices for managing patches across your network, and deliver key takeaways on the latest trending vulnerability news; keeping you informed, prepared, and ahead of potential threats. You can also ask our experts all your patch and vulnerability-related queries and get live answers in the webinar.