Skip to content
Auto-CTI
Back to all deep dives
ZERO DAY INITIATIVE - BLOG

The May 2026 Security Update Review

MEDIUM patch-tuesday adobe-commerce microsoft-edge elevation-of-privilege
The May 2026 Security Update Review

Strategic summary

Microsoft and Adobe released their May 2026 security updates. Microsoft addresses 138 vulnerabilities, 30 of which are critical, including severe DNS and Netlogon flaws allowing remote code execution. Adobe fixes 52 CVEs in products such as Commerce and Connect. No active attacks are known, but immediate patching is advised.

Key findings

  • Microsoft patches 138 vulnerabilities, including a critical DNS client flaw (CVE-2026-41096) enabling unauthenticated remote code execution via malicious DNS responses.
  • The Netlogon vulnerability (CVE-2026-41089, CVSS 9.8) allows a wormable attack on domain controllers without authentication or user interaction.
  • In Dynamics 365 On-Premises (CVE-2026-42898, CVSS 9.9), an authenticated user can inject code and break out to affect other components.
  • Adobe fixes 52 CVEs, prioritizing Commerce (15 bugs) and Connect (two CVSS 9-rated issues).
  • None of the Microsoft vulnerabilities are currently under active attack or publicly known, but immediate patching is critical due to severity.

Relevance for you

Patch Tuesday roundup covering Adobe and Microsoft products (Commerce, Connect, Edge, Visual Studio) used in manufacturing and office environments; no active exploitation reported; informational value for vulnerability tracking.

Mentioned CVEs

Risk score

Review required 61
cvss base
98.00
kev bonus
0.00
epss bonus
10.00
poc bonus
15.00
raw before weight
123.00
industry weight
1.21
freshness factor
0.50
exploitability factor
1.00
days old
57.00
vendor mismatch penalty
0.00
consensus penalty
-13.00

Path: operational

Consensus check

The pipeline self-checks before delivery. These rules lowered the score:

  • CVSS_LOW_RISK High CVSS despite low-risk wording −8
  • VENDOR_MISMATCH Vendor not found in alert title −5
Consensus penalty:
−13.0
Total penalty:
−13.0

MITRE ATT&CK mapping

5 TTPs
Recon
Resource Dev
Persistence
Def. Evasion
Cred. Access
Discovery
Lateral Mov.
C2
Exfiltration
Impact
Conf.: high medium low

Procedure details

Technique Tactic Procedure Conf. Source
T1190
Exploit Public-Facing Application
Initial Access CVE-2026-41089 describes a CVSS 9.8 stack-based buffer overflow in Windows Netlogon allowing an unauthenticated remote attacker to execute code on a domain controller by sending a specially crafted network request with no credentials or user interaction required. high llm
T1068
Exploitation for Privilege Escalation
Privilege Escalation The majority of Microsoft's May 2026 patches address Elevation of Privilege bugs across Windows components, Azure, Edge, and Visual Studio, allowing local attackers to execute code at SYSTEM-level or administrative privileges, with some enabling sandbox escapes. high llm
T1059
Command and Scripting Interpreter
Execution Multiple Adobe vulnerabilities described as 'open-and-own code executions' in products such as After Effects, Illustrator, Media Encoder, Premiere Pro, and Substance 3D allow arbitrary code execution when a user opens a malicious file. medium llm
T1189
Drive-by Compromise
Initial Access Adobe Connect CVEs rated CVSS 9 and cross-site scripting (XSS) vulnerabilities across multiple Adobe products could be leveraged to execute malicious scripts in a victim's browser without requiring explicit file download. medium llm
T1530
Data from Cloud Storage
Collection Azure elevation of privilege bugs patched this month allow an attacker to access data otherwise hidden from them within Azure cloud environments. medium llm
ESC