The Microsoft May 2026 security updates have been released and consist of 132 new CVEs to Microsoft products and 128 non-Microsoft CVEs for Chromium.
Of the Microsoft CVEs released, 30 are rated Critical, 3 are rated Moderate and the rest are rated Low in severity. At the time of release, none are listed as publicly known or as being actively exploited.
The security updates apply to the following products, features and roles: Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, .NET and Visual Studio, Copilot Chat, Github Copilot, M365 Copilot, SQL Server, TCP/IP, and the Telnet Client.
Information regarding known issues with KBs included in the security updates can be found at the bottom of the page at May 2026 Security Updates - Release Notes - Security Update Guide - Microsoft (https://msrc.microsoft.com/update-guide/releaseNote/2026-May).
Recommended Reading: See Dustin Childs complete review and analysis in Zero Day Initiative -- The May 2026 Security Update Review (https://www.zerodayinitiative.com/blog/2026/5/12/the-may-2026-security-update-review).