CTI Swarm
TENABLE BLOG

Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103)

Strategic Summary

The 118 CVEs in this Patch Tuesday, including several critical RCE vulnerabilities in Word and Windows components, require prompt patch planning for the enterprise-wide Windows Server 2022/2019 and Microsoft 365 infrastructure.

Full Text

Title: Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103)

URL Source: https://www.tenable.com/blog/microsofts-may-2026-patch-tuesday-addresses-118-cves-cve-2026-41103

Published Time: 2026-05-12T13:42:34-0400

Markdown Content: # May 2026 Microsoft Patch Tuesday | Tenable®


[… 50,598 characters; next zone: keyword-dense paragraphs …]

[CVE-2026-40361](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40361), [CVE-2026-40364](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40364), [CVE-2026-40366](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40366) and [CVE-2026-40367](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40367) RCE vulnerabilities affecting Microsoft Word. Each of these RCEs was assigned a CVSSv3 score of 8.4 and rated as critical, though CVE-2026-40361 and CVE-2026-40364 were the only ones assessed as “Exploitation More Likely.” An attacker could exploit these flaws through social engineering by sending a malicious file to an intended target. Successful exploitation would grant code execution privileges to the attacker. Additionally, Microsoft notes that the Preview Pane is an attack vector for each of these vulnerabilities.


Elevation of Privilege (EoP) vulnerabilities accounted for 48.3% of the vulnerabilities patched this month, followed by remote code execution (RCE) vulnerabilities at 24.6%.

[CVE-2026-41103](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41103) is an elevation of privilege vulnerability affecting Microsoft Single-Sign-On (SSO) Plugin for Jira & Confluence. It was assigned a CVSSv3 score of 9.1 and is rated as critical.

[CVE-2026-33841](https://msrc.microsoft.com/updat […]
