- 117/2026
- Critical
Microsoft has released security updates to address several vulnerabilities affecting multiple Microsoft products.
The addressed vulnerabilities could allow the attacker to obtain sensitive information, conduct spoofing attacks, execute arbitrary code, or gain elevated privileges on the affected systems.
Sample of the addressed vulnerabilities:
1. Microsoft Azure DevOps Information Disclosure Vulnerability (CVE-2026- 42826):
- CVSS: 10.0
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Obtain Information
2. Microsoft Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability (CVE-2026-33109):
- CVSS: 9.9
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Remote Code Execution
Sample of the affected products:
- Azure DevOps.
- Microsoft Teams.
- Microsoft Enterprise Security Token Service (ESTS).
- Azure Managed Instance for Apache Cassandra.
- Copilot Chat (Microsoft Edge).
- Microsoft 365 Copilot’s Business Chat.
Vulnerabilities
- CVE-2026-42826
- CVE-2026-35428
- CVE-2026-35435
- CVE-2026-34327
- CVE-2026-33844
- CVE-2026-33823
- CVE-2026-32207
- CVE-2026-40379
- CVE-2026-33109
- CVE-2026-33111
- CVE-2026-41105
- CVE-2026-26129
- CVE-2026-26164
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.