Patch Tuesday Archive
Patch Tuesday February 2026
Total CVEs
61
Critical
7
Important
51
Exploited
6
Publicly Disclosed
3
All CVEs this month 61
| CVE | Title | Severity | CVSS | Product | Exploited | Disclosed |
|---|---|---|---|---|---|---|
| CVE-2026-21522 | Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability | Critical | 6.7 |
Azure Compute Gallery | - | - |
| CVE-2026-21532 | Azure Function Information Disclosure Vulnerability | Critical | 8.2 |
Azure Function | - | - |
| CVE-2026-21535 | Microsoft Teams Information Disclosure Vulnerability | Critical | 8.2 |
Microsoft Teams | - | - |
| CVE-2026-23655 | Microsoft ACI Confidential Containers Information Disclosure Vulnerability | Critical | 6.5 |
Azure Compute Gallery | - | - |
| CVE-2026-24300 | Azure Front Door Elevation of Privilege Vulnerability | Critical | 9.8 |
Azure Front Door (AFD) | - | - |
| CVE-2026-24302 | Azure Arc Elevation of Privilege Vulnerability | Critical | 8.6 |
Azure Arc | - | - |
| CVE-2026-26119 | Windows Admin Center Elevation of Privilege Vulnerability | Critical | 8.8 |
Windows Admin Center | - | - |
| CVE-2026-20841 | Windows Notepad App Remote Code Execution Vulnerability | Important | 7.8 |
Windows Notepad App | - | - |
| CVE-2026-20846 | GDI+ Denial of Service Vulnerability | Important | 7.5 |
Windows GDI+ | - | - |
| CVE-2026-21218 | .NET Spoofing Vulnerability | Important | 7.5 |
.NET | - | - |
| CVE-2026-21222 | Windows Kernel Information Disclosure Vulnerability | Important | 5.5 |
Windows Kernel | - | - |
| CVE-2026-21228 | Azure Local Remote Code Execution Vulnerability | Important | 8.1 |
Azure Local | - | - |
| CVE-2026-21229 | Power BI Remote Code Execution Vulnerability | Important | 8 |
Power BI | - | - |
| CVE-2026-21231 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 |
Windows Kernel | - | - |
| CVE-2026-21232 | Windows HTTP.sys Elevation of Privilege Vulnerability | Important | 7.8 |
Windows HTTP.sys | - | - |
| CVE-2026-21234 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability | Important | 7 |
Windows Connected Devices Platform Service | - | - |
| CVE-2026-21235 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.3 |
Microsoft Graphics Component | - | - |
| CVE-2026-21236 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7.8 |
Windows Ancillary Function Driver for WinSock | - | - |
| CVE-2026-21237 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important | 7 |
Windows Subsystem for Linux | - | - |
| CVE-2026-21238 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7.8 |
Windows Ancillary Function Driver for WinSock | - | - |
| CVE-2026-21239 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 |
Windows Kernel | - | - |
| CVE-2026-21240 | Windows HTTP.sys Elevation of Privilege Vulnerability | Important | 7.8 |
Windows HTTP.sys | - | - |
| CVE-2026-21241 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7 |
Windows Ancillary Function Driver for WinSock | - | - |
| CVE-2026-21242 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important | 7 |
Windows Subsystem for Linux | - | - |
| CVE-2026-21243 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important | 7.5 |
Windows LDAP - Lightweight Directory Access Protocol | - | - |
| CVE-2026-21244 | Windows Hyper-V Remote Code Execution Vulnerability | Important | 7.3 |
Role: Windows Hyper-V | - | - |
| CVE-2026-21245 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 |
Windows Kernel | - | - |
| CVE-2026-21246 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 |
Microsoft Graphics Component | - | - |
| CVE-2026-21247 | Windows Hyper-V Remote Code Execution Vulnerability | Important | 7.3 |
Role: Windows Hyper-V | - | - |
| CVE-2026-21248 | Windows Hyper-V Remote Code Execution Vulnerability | Important | 7.3 |
Role: Windows Hyper-V | - | - |
| CVE-2026-21249 | Windows NTLM Spoofing Vulnerability | Important | 3.3 |
Windows NTLM | - | - |
| CVE-2026-21250 | Windows HTTP.sys Elevation of Privilege Vulnerability | Important | 7.8 |
Windows HTTP.sys | - | - |
| CVE-2026-21251 | Cluster Client Failover (CCF) Elevation of Privilege Vulnerability | Important | 7.8 |
Windows Cluster Client Failover | - | - |
| CVE-2026-21253 | Mailslot File System Elevation of Privilege Vulnerability | Important | 7 |
Mailslot File System | - | - |
| CVE-2026-21255 | Windows Hyper-V Security Feature Bypass Vulnerability | Important | 8.8 |
Role: Windows Hyper-V | - | - |
| CVE-2026-21256 | GitHub Copilot and Visual Studio Remote Code Execution Vulnerability | Important | 8.8 |
GitHub Copilot and Visual Studio | - | - |
| CVE-2026-21257 | GitHub Copilot and Visual Studio Elevation of Privilege Vulnerability | Important | 8 |
GitHub Copilot and Visual Studio | - | - |
| CVE-2026-21258 | Microsoft Excel Information Disclosure Vulnerability | Important | 5.5 |
Microsoft Office Excel | - | - |
| CVE-2026-21259 | Microsoft Excel Elevation of Privilege Vulnerability | Important | 7.8 |
Microsoft Office Excel | - | - |
| CVE-2026-21260 | Microsoft Outlook Spoofing Vulnerability | Important | 7.5 |
Microsoft Office Outlook | - | - |
| CVE-2026-21261 | Microsoft Excel Information Disclosure Vulnerability | Important | 5.5 |
Microsoft Office Excel | - | - |
| CVE-2026-21508 | Windows Storage Elevation of Privilege Vulnerability | Important | 7 |
Windows Storage | - | - |
| CVE-2026-21510 | Windows Shell Security Feature Bypass Vulnerability | Important | 8.8 |
Windows Shell | Yes | Yes |
| CVE-2026-21511 | Microsoft Outlook Spoofing Vulnerability | Important | 7.5 |
Microsoft Office Outlook | - | - |
| CVE-2026-21512 | Azure DevOps Server Cross-Site Scripting Vulnerability | Important | 6.5 |
Azure DevOps Server | - | - |
| CVE-2026-21513 | MSHTML Framework Security Feature Bypass Vulnerability | Important | 8.8 |
MSHTML Framework | Yes | Yes |
| CVE-2026-21514 | Microsoft Word Security Feature Bypass Vulnerability | Important | 7.8 |
Microsoft Office Word | Yes | Yes |
| CVE-2026-21516 | GitHub Copilot for Jetbrains Remote Code Execution Vulnerability | Important | 8.8 |
Github Copilot | - | - |
| CVE-2026-21517 | Windows App for Mac Installer Elevation of Privilege Vulnerability | Important | 4.7 |
Windows App for Mac | - | - |
| CVE-2026-21518 | GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability | Important | 8.8 |
GitHub Copilot and Visual Studio Code | - | - |
| CVE-2026-21519 | Desktop Window Manager Elevation of Privilege Vulnerability | Important | 7.8 |
Desktop Window Manager | Yes | - |
| CVE-2026-21523 | GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability | Important | 8 |
GitHub Copilot and Visual Studio | - | - |
| CVE-2026-21527 | Microsoft Exchange Server Spoofing Vulnerability | Important | 6.5 |
Microsoft Exchange Server | - | - |
| CVE-2026-21528 | Azure IoT Explorer Information Disclosure Vulnerability | Important | 6.5 |
Azure IoT Explorer | - | - |
| CVE-2026-21529 | Azure HDInsight Spoofing Vulnerability | Important | 5.7 |
Azure HDInsights | - | - |
| CVE-2026-21531 | Azure SDK for Python Remote Code Execution Vulnerability | Important | 9.8 |
Azure SDK | - | - |
| CVE-2026-21533 | Windows Remote Desktop Services Elevation of Privilege Vulnerability | Important | 7.8 |
Windows Remote Desktop | Yes | - |
| CVE-2026-21537 | Microsoft Defender for Endpoint Linux Extension Remote Code Execution Vulnerability | Important | 8.8 |
Microsoft Defender for Linux | - | - |
| CVE-2026-0391 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | Moderate | 6.5 |
Microsoft Edge for Android | - | - |
| CVE-2026-21525 | Windows Remote Access Connection Manager Denial of Service Vulnerability | Moderate | 6.2 |
Windows Remote Access Connection Manager | Yes | - |
| CVE-2026-0102 | Microsoft Edge (Chromium-based) Defense in Depth Vulnerability | Low | 3.1 |
Microsoft Edge (Chromium-based) | - | - |
Threat Categories 7
| Threat Category | CVEs | Critical |
|---|---|---|
| Elevation of Privilege | 26 | 4 |
| Remote Code Execution | 11 | - |
| Spoofing | 8 | - |
| Information Disclosure | 7 | 3 |
| Security Feature Bypass | 5 | - |
| Denial of Service | 3 | - |
| Defense in Depth | 1 | - |
Affected Products 43
| Product | CVEs | Exploited |
|---|---|---|
| Windows Kernel | 4 | - |
| Role: Windows Hyper-V | 4 | - |
| Windows HTTP.sys | 3 | - |
| Windows Ancillary Function Driver for WinSock | 3 | - |
| GitHub Copilot and Visual Studio | 3 | - |
| Microsoft Office Excel | 3 | - |
| Azure Compute Gallery | 2 | - |
| Microsoft Graphics Component | 2 | - |
| Windows Subsystem for Linux | 2 | - |
| Microsoft Office Outlook | 2 | - |
| Azure Function | 1 | - |
| Microsoft Teams | 1 | - |
| Azure Front Door (AFD) | 1 | - |
| Azure Arc | 1 | - |
| Windows Admin Center | 1 | - |
| Windows Notepad App | 1 | - |
| Windows GDI+ | 1 | - |
| .NET | 1 | - |
| Azure Local | 1 | - |
| Power BI | 1 | - |
| Windows Connected Devices Platform Service | 1 | - |
| Windows LDAP - Lightweight Directory Access Protocol | 1 | - |
| Windows NTLM | 1 | - |
| Windows Cluster Client Failover | 1 | - |
| Mailslot File System | 1 | - |
| Windows Storage | 1 | - |
| Windows Shell | 1 | 1 |
| Azure DevOps Server | 1 | - |
| MSHTML Framework | 1 | 1 |
| Microsoft Office Word | 1 | 1 |
| Github Copilot | 1 | - |
| Windows App for Mac | 1 | - |
| GitHub Copilot and Visual Studio Code | 1 | - |
| Desktop Window Manager | 1 | 1 |
| Microsoft Exchange Server | 1 | - |
| Azure IoT Explorer | 1 | - |
| Azure HDInsights | 1 | - |
| Azure SDK | 1 | - |
| Windows Remote Desktop | 1 | 1 |
| Microsoft Defender for Linux | 1 | - |
| Microsoft Edge for Android | 1 | - |
| Windows Remote Access Connection Manager | 1 | 1 |
| Microsoft Edge (Chromium-based) | 1 | - |