https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Fri, 05 Jun 2026 13:53:31 +0000 https://vulnerability.circl.lu/sighting/01f3be6e-2558-4316-be32-0393bc33db51/export {"uuid": "01f3be6e-2558-4316-be32-0393bc33db51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-35436", "type": "seen", "source": "https://www.acn.gov.it/portale/w/aggiornamenti-mensili-microsoft-20", "content": "", "creation_timestamp": "2026-05-13T01:08:48.000000Z"} {"uuid": "01f3be6e-2558-4316-be32-0393bc33db51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-35436", "type": "seen", "source": "https://www.acn.gov.it/portale/w/aggiornamenti-mensili-microsoft-20", "content": "", "creation_timestamp": "2026-05-13T01:08:48.000000Z"} https://vulnerability.circl.lu/sighting/01f3be6e-2558-4316-be32-0393bc33db51/export Wed, 13 May 2026 01:08:48 +0000 https://vulnerability.circl.lu/sighting/d5e291f0-b2f8-4d5a-b227-0a43ce1a7f3e/export {"uuid": "d5e291f0-b2f8-4d5a-b227-0a43ce1a7f3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-35438", "type": "seen", "source": "https://www.acn.gov.it/portale/w/aggiornamenti-mensili-microsoft-20", "content": "", "creation_timestamp": "2026-05-13T01:08:48.000000Z"} {"uuid": "d5e291f0-b2f8-4d5a-b227-0a43ce1a7f3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-35438", "type": "seen", "source": "https://www.acn.gov.it/portale/w/aggiornamenti-mensili-microsoft-20", "content": "", "creation_timestamp": "2026-05-13T01:08:48.000000Z"} https://vulnerability.circl.lu/sighting/d5e291f0-b2f8-4d5a-b227-0a43ce1a7f3e/export Wed, 13 May 2026 01:08:48 +0000 https://vulnerability.circl.lu/sighting/68936f1d-f913-44ba-80f7-021f9b8e7189/export {"uuid": "68936f1d-f913-44ba-80f7-021f9b8e7189", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-35435", "type": "seen", "source": "https://www.acn.gov.it/portale/w/aggiornamenti-mensili-microsoft-20", "content": "", "creation_timestamp": "2026-05-13T01:08:48.000000Z"} {"uuid": "68936f1d-f913-44ba-80f7-021f9b8e7189", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-35435", "type": "seen", "source": "https://www.acn.gov.it/portale/w/aggiornamenti-mensili-microsoft-20", "content": "", "creation_timestamp": "2026-05-13T01:08:48.000000Z"} https://vulnerability.circl.lu/sighting/68936f1d-f913-44ba-80f7-021f9b8e7189/export Wed, 13 May 2026 01:08:48 +0000 https://vulnerability.circl.lu/sighting/347cbdf1-6752-446b-b73f-19773f368471/export {"uuid": "347cbdf1-6752-446b-b73f-19773f368471", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35439", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mlsl35lp3s2v", "content": "\ud83d\udccc CVE-2026-35439 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. https://www.cyberhub.blog/cves/CVE-2026-35439", "creation_timestamp": "2026-05-14T10:07:07.957448Z"} {"uuid": "347cbdf1-6752-446b-b73f-19773f368471", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35439", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mlsl35lp3s2v", "content": "\ud83d\udccc CVE-2026-35439 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. https://www.cyberhub.blog/cves/CVE-2026-35439", "creation_timestamp": "2026-05-14T10:07:07.957448Z"} https://vulnerability.circl.lu/sighting/347cbdf1-6752-446b-b73f-19773f368471/export Thu, 14 May 2026 10:07:07 +0000 https://vulnerability.circl.lu/sighting/51b2fb5c-888a-48f2-bf09-25afae0cc165/export {"uuid": "51b2fb5c-888a-48f2-bf09-25afae0cc165", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35433", "type": "seen", "source": "https://gist.github.com/alon710/dfd3811f977636ed8980add016a1bc17", "content": "# CVE-2026-35433: CVE-2026-35433: Heap-Based Buffer Overflow and Privilege Escalation in .NET Desktop Runtime\n\n> **CVSS Score:** 7.3\n> **Published:** 2026-05-18\n> **Full Report:** https://cvereports.com/reports/CVE-2026-35433\n\n## Summary\nCVE-2026-35433 is a high-severity Elevation of Privilege (EoP) vulnerability affecting the .NET Desktop Runtime. The flaw originates from a heap-based buffer overflow in the Windows Forms and WPF components due to improper input validation and integer overflow during binary data parsing. Successful exploitation allows a local attacker to execute arbitrary code with the privileges of the compromised application.\n\n## TL;DR\nA local attacker can trigger a heap buffer overflow in .NET Desktop Runtime (WinForms/WPF) by supplying malformed resource files or serialized payloads, potentially resulting in code execution and privilege escalation.\n\n## Technical Details\n\n- **Primary CWE**: CWE-122 (Heap-based Buffer Overflow)\n- **Attack Vector**: Local (User Interaction Required)\n- **CVSS v3.1 Score**: 7.3\n- **EPSS Score**: 0.00122 (30.67%)\n- **Impact**: Elevation of Privilege / Arbitrary Code Execution\n- **Exploit Status**: None (No public PoC)\n- **CISA KEV**: Not Listed\n\n## Affected Systems\n\n- Windows Desktop environments running .NET applications\n- Systems executing WinForms applications\n- Systems executing WPF applications\n- **.NET 10.0**: 10.0.0 <= version < 10.0.8 (Fixed in: `10.0.8`)\n- **.NET 9.0**: 9.0.0 <= version < 9.0.16 (Fixed in: `9.0.16`)\n- **.NET 8.0**: 8.0.0 <= version < 8.0.27 (Fixed in: `8.0.27`)\n- **.NET Framework**: 3.5, 4.7.2, 4.8, 4.8.1 (Fixed in: `4.8.9334.0`)\n\n## Mitigation\n\n- Apply vendor-provided patches updating the .NET runtime to secure versions.\n- Restrict the processing of untrusted .resx, .ico, and binary-serialized objects from external sources.\n- Implement strict input validation for any application handling external UI resources.\n\n**Remediation Steps:**\n1. Identify all systems running vulnerable versions of .NET 8.0, 9.0, 10.0, or .NET Framework 3.5 - 4.8.1.\n2. Deploy .NET 10.0.8, 9.0.16, or 8.0.27 to all endpoints and application servers as applicable.\n3. Deploy the May 2026 Cumulative Update for Windows environments running legacy .NET Framework versions.\n4. Restart affected applications and services to ensure the patched runtime libraries are loaded into memory.\n\n## References\n\n- [Microsoft Security Update Guide](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35433)\n- [CVE.org Record](https://www.cve.org/CVERecord?id=CVE-2026-35433)\n- [WPF Dependency Update Commit](https://github.com/dotnet/wpf/commit/09e72ae8c9b1c5410ca8ad45636c52c45a2a7f29)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-35433) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-18T20:10:49.000000Z"} {"uuid": "51b2fb5c-888a-48f2-bf09-25afae0cc165", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35433", "type": "seen", "source": "https://gist.github.com/alon710/dfd3811f977636ed8980add016a1bc17", "content": "# CVE-2026-35433: CVE-2026-35433: Heap-Based Buffer Overflow and Privilege Escalation in .NET Desktop Runtime\n\n> **CVSS Score:** 7.3\n> **Published:** 2026-05-18\n> **Full Report:** https://cvereports.com/reports/CVE-2026-35433\n\n## Summary\nCVE-2026-35433 is a high-severity Elevation of Privilege (EoP) vulnerability affecting the .NET Desktop Runtime. The flaw originates from a heap-based buffer overflow in the Windows Forms and WPF components due to improper input validation and integer overflow during binary data parsing. Successful exploitation allows a local attacker to execute arbitrary code with the privileges of the compromised application.\n\n## TL;DR\nA local attacker can trigger a heap buffer overflow in .NET Desktop Runtime (WinForms/WPF) by supplying malformed resource files or serialized payloads, potentially resulting in code execution and privilege escalation.\n\n## Technical Details\n\n- **Primary CWE**: CWE-122 (Heap-based Buffer Overflow)\n- **Attack Vector**: Local (User Interaction Required)\n- **CVSS v3.1 Score**: 7.3\n- **EPSS Score**: 0.00122 (30.67%)\n- **Impact**: Elevation of Privilege / Arbitrary Code Execution\n- **Exploit Status**: None (No public PoC)\n- **CISA KEV**: Not Listed\n\n## Affected Systems\n\n- Windows Desktop environments running .NET applications\n- Systems executing WinForms applications\n- Systems executing WPF applications\n- **.NET 10.0**: 10.0.0 <= version < 10.0.8 (Fixed in: `10.0.8`)\n- **.NET 9.0**: 9.0.0 <= version < 9.0.16 (Fixed in: `9.0.16`)\n- **.NET 8.0**: 8.0.0 <= version < 8.0.27 (Fixed in: `8.0.27`)\n- **.NET Framework**: 3.5, 4.7.2, 4.8, 4.8.1 (Fixed in: `4.8.9334.0`)\n\n## Mitigation\n\n- Apply vendor-provided patches updating the .NET runtime to secure versions.\n- Restrict the processing of untrusted .resx, .ico, and binary-serialized objects from external sources.\n- Implement strict input validation for any application handling external UI resources.\n\n**Remediation Steps:**\n1. Identify all systems running vulnerable versions of .NET 8.0, 9.0, 10.0, or .NET Framework 3.5 - 4.8.1.\n2. Deploy .NET 10.0.8, 9.0.16, or 8.0.27 to all endpoints and application servers as applicable.\n3. Deploy the May 2026 Cumulative Update for Windows environments running legacy .NET Framework versions.\n4. Restart affected applications and services to ensure the patched runtime libraries are loaded into memory.\n\n## References\n\n- [Microsoft Security Update Guide](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35433)\n- [CVE.org Record](https://www.cve.org/CVERecord?id=CVE-2026-35433)\n- [WPF Dependency Update Commit](https://github.com/dotnet/wpf/commit/09e72ae8c9b1c5410ca8ad45636c52c45a2a7f29)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-35433) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-18T20:10:49.000000Z"} https://vulnerability.circl.lu/sighting/51b2fb5c-888a-48f2-bf09-25afae0cc165/export Mon, 18 May 2026 20:10:49 +0000 https://vulnerability.circl.lu/sighting/44d1b27d-cbfa-42a0-8915-83f07609da7c/export {"uuid": "44d1b27d-cbfa-42a0-8915-83f07609da7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35436", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mma3lemt7p2f", "content": "\ud83d\udccc CVE-2026-35436 - Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. https://www.cyberhub.blog/cves/CVE-2026-35436", "creation_timestamp": "2026-05-19T19:07:08.330502Z"} {"uuid": "44d1b27d-cbfa-42a0-8915-83f07609da7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35436", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mma3lemt7p2f", "content": "\ud83d\udccc CVE-2026-35436 - Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. https://www.cyberhub.blog/cves/CVE-2026-35436", "creation_timestamp": "2026-05-19T19:07:08.330502Z"} https://vulnerability.circl.lu/sighting/44d1b27d-cbfa-42a0-8915-83f07609da7c/export Tue, 19 May 2026 19:07:08 +0000 https://vulnerability.circl.lu/sighting/15cf3078-baac-4c25-8728-c4525c15966e/export {"uuid": "15cf3078-baac-4c25-8728-c4525c15966e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35430", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmilu4cbmg2i", "content": "CVE-2026-35430 - Azure Privileged Identity Management (PIM) Elevation of Privilege Vulnerability\nCVE ID : CVE-2026-35430\n \n Published : May 22, 2026, 10:03 p.m. | 2\u00a0hours, 27\u00a0minutes ago\n \n Description : None\n \n Severity: 8.8 | HIGH\n \n Visit the link for more details, such as ...", "creation_timestamp": "2026-05-23T04:21:06.366222Z"} {"uuid": "15cf3078-baac-4c25-8728-c4525c15966e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35430", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmilu4cbmg2i", "content": "CVE-2026-35430 - Azure Privileged Identity Management (PIM) Elevation of Privilege Vulnerability\nCVE ID : CVE-2026-35430\n \n Published : May 22, 2026, 10:03 p.m. | 2\u00a0hours, 27\u00a0minutes ago\n \n Description : None\n \n Severity: 8.8 | HIGH\n \n Visit the link for more details, such as ...", "creation_timestamp": "2026-05-23T04:21:06.366222Z"} https://vulnerability.circl.lu/sighting/15cf3078-baac-4c25-8728-c4525c15966e/export Sat, 23 May 2026 04:21:06 +0000 https://vulnerability.circl.lu/sighting/58e77471-0513-4389-8399-f0898b530db4/export {"uuid": "58e77471-0513-4389-8399-f0898b530db4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35430", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mmumpujzgr2w", "content": "\ud83d\udccc CVE-2026-35430 - Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges ove... https://www.cyberhub.blog/cves/CVE-2026-35430", "creation_timestamp": "2026-05-27T23:07:07.508968Z"} {"uuid": "58e77471-0513-4389-8399-f0898b530db4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35430", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mmumpujzgr2w", "content": "\ud83d\udccc CVE-2026-35430 - Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges ove... https://www.cyberhub.blog/cves/CVE-2026-35430", "creation_timestamp": "2026-05-27T23:07:07.508968Z"} https://vulnerability.circl.lu/sighting/58e77471-0513-4389-8399-f0898b530db4/export Wed, 27 May 2026 23:07:07 +0000 https://vulnerability.circl.lu/sighting/fc8bc20e-5d52-4e14-92d7-84e11b663883/export {"uuid": "fc8bc20e-5d52-4e14-92d7-84e11b663883", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35438", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mmx6ufm33k2w", "content": "\ud83d\udccc CVE-2026-35438 - Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network. https://www.cyberhub.blog/cves/CVE-2026-35438", "creation_timestamp": "2026-05-28T23:37:06.928742Z"} {"uuid": "fc8bc20e-5d52-4e14-92d7-84e11b663883", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35438", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mmx6ufm33k2w", "content": "\ud83d\udccc CVE-2026-35438 - Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network. https://www.cyberhub.blog/cves/CVE-2026-35438", "creation_timestamp": "2026-05-28T23:37:06.928742Z"} https://vulnerability.circl.lu/sighting/fc8bc20e-5d52-4e14-92d7-84e11b663883/export Thu, 28 May 2026 23:37:06 +0000 https://vulnerability.circl.lu/sighting/a62ca109-437b-4f56-a4ff-9c609f3644fe/export {"uuid": "a62ca109-437b-4f56-a4ff-9c609f3644fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35438", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0141", "content": "Microsoft heeft kwetsbaarheden verholpen in Windows. Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Uitvoeren van willekeurige code (root/admin-rechten)\n- Uitvoeren van willekeurige code (gebruikersrechten)\n- Verkrijgen van verhoogde rechten\n- Omzeilen van een beveiligingsmaatregel\n- Toegang tot gevoelige gegevens\n\nDe ernstigste kwetsbaarheden hebben kenmerken CVE-2026-40402, CVE-2026-41089 en CVE-2026-41096 toegewezen gekregen en bevinden zich respectievelijk in Hyper-V, NETLOGON en de DNS Client. De kwetsbaarheid in Hyper-V stelt een geauthenticeerde kwaadwillende in staat om uit de Guest-VM te breken en toegang te krijgen tot geheugen van de host en mogelijk willekeurige code uit te voeren op de host. De kwetsbaarheden in NETLOGON en de DNS Client stellen een ongeauthenticeerde kwaadwillende op afstand in staat om willekeurige code uit te voeren op het kwetsbare systeem.\n\n**Met name Domain Controllers die toegankelijk zijn vanaf externe netwerken lopen een hoog risico voor actief misbruik van de kwetsbaarheid in NETLOGON.**\n\nHet verdient altijd aanbeveling om een systeem met de rol van Domain Controller niet publiek toegankelijk te hebben en, indien dit noodzakelijk is, additionele maatregelen te hebben genomen.\n\n**Update:** Inmiddels wordt door diverse partijen actief misbruik gemeld van CVE-2026-41089, de kwetsbaarheid in NETLOGON.\n\n```\nWindows Projected File System: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34340 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Application Identity (AppID) Subsystem: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34343 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nUndisclosed: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-41095 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Remote Desktop: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-40398 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nMicrosoft Windows DNS: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-41096 | 9.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Ancillary Function Driver for WinSock: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34344 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-34345 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-35416 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-41088 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Kernel: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-33841 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-35420 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-40369 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Secure Boot: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-41097 | 6.70 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nWindows Native WiFi Miniport Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32161 | 7.50 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Kernel-Mode Drivers: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-40408 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-34332 | 8.00 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nTelnet Client: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-35423 | 5.40 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Print Spooler Components: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34342 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows SMB Client: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-40410 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Storage Spaces Controller: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-35415 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Filtering Platform (WFP): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32209 | 4.40 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nWindows Volume Manager Extension Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-40380 | 6.20 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Cryptographic Services: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-40377 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Win32K - GRFX: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-33839 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-34330 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-34331 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-34333 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-34347 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-40403 | 8.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Admin Center: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-35438 | 8.30 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Hyper-V: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-40402 | 9.30 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Rich Text Edit Control: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32170 | 6.70 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Event Logging Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-33834 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Internet Key Exchange (IKE) Protocol: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-35424 | 7.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows Netlogon: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-41089 | 9.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Storport Miniport Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34350 | 6.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows Common Log File System Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-40407 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-40397 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Cloud Files Mini Filter Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-35418 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-33835 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-34337 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Win32K - ICOMP: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-33840 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-35417 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows GDI: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-35421 | 7.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Rich Text Edit: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-21530 | 6.70 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows TCP/IP: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34351 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-35422 | 6.50 | Omzeilen van beveiligingsmaatregel | \n| CVE-2026-40399 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-40405 | 7.50 | Denial-of-Service | \n| CVE-2026-40406 | 7.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-40414 | 7.40 | Denial-of-Service | \n| CVE-2026-40415 | 8.10 | Uitvoeren van willekeurige code | \n| CVE-2026-33837 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-34334 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-40401 | 6.20 | Denial-of-Service | \n| CVE-2026-40413 | 7.40 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows LDAP - Lightweight Directory Access Protocol: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34339 | 5.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows Telephony Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42825 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-34338 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-40382 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Message Queuing: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34329 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2026-33838 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows DWM Core Library: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-35419 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-42896 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-34336 | 7.80 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Link-Layer Discovery Protocol (LLDP): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34341 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\n```", "creation_timestamp": "2026-06-02T09:33:41.000000Z"} {"uuid": "a62ca109-437b-4f56-a4ff-9c609f3644fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35438", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0141", "content": "Microsoft heeft kwetsbaarheden verholpen in Windows. Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Uitvoeren van willekeurige code (root/admin-rechten)\n- Uitvoeren van willekeurige code (gebruikersrechten)\n- Verkrijgen van verhoogde rechten\n- Omzeilen van een beveiligingsmaatregel\n- Toegang tot gevoelige gegevens\n\nDe ernstigste kwetsbaarheden hebben kenmerken CVE-2026-40402, CVE-2026-41089 en CVE-2026-41096 toegewezen gekregen en bevinden zich respectievelijk in Hyper-V, NETLOGON en de DNS Client. De kwetsbaarheid in Hyper-V stelt een geauthenticeerde kwaadwillende in staat om uit de Guest-VM te breken en toegang te krijgen tot geheugen van de host en mogelijk willekeurige code uit te voeren op de host. De kwetsbaarheden in NETLOGON en de DNS Client stellen een ongeauthenticeerde kwaadwillende op afstand in staat om willekeurige code uit te voeren op het kwetsbare systeem.\n\n**Met name Domain Controllers die toegankelijk zijn vanaf externe netwerken lopen een hoog risico voor actief misbruik van de kwetsbaarheid in NETLOGON.**\n\nHet verdient altijd aanbeveling om een systeem met de rol van Domain Controller niet publiek toegankelijk te hebben en, indien dit noodzakelijk is, additionele maatregelen te hebben genomen.\n\n**Update:** Inmiddels wordt door diverse partijen actief misbruik gemeld van CVE-2026-41089, de kwetsbaarheid in NETLOGON.\n\n```\nWindows Projected File System: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34340 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Application Identity (AppID) Subsystem: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34343 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nUndisclosed: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-41095 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Remote Desktop: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-40398 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nMicrosoft Windows DNS: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-41096 | 9.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Ancillary Function Driver for WinSock: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34344 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-34345 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-35416 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-41088 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Kernel: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-33841 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-35420 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-40369 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Secure Boot: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-41097 | 6.70 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nWindows Native WiFi Miniport Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32161 | 7.50 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Kernel-Mode Drivers: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-40408 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-34332 | 8.00 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nTelnet Client: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-35423 | 5.40 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Print Spooler Components: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34342 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows SMB Client: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-40410 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Storage Spaces Controller: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-35415 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Filtering Platform (WFP): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32209 | 4.40 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nWindows Volume Manager Extension Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-40380 | 6.20 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Cryptographic Services: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-40377 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Win32K - GRFX: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-33839 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-34330 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-34331 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-34333 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-34347 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-40403 | 8.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Admin Center: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-35438 | 8.30 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Hyper-V: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-40402 | 9.30 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Rich Text Edit Control: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32170 | 6.70 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Event Logging Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-33834 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Internet Key Exchange (IKE) Protocol: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-35424 | 7.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows Netlogon: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-41089 | 9.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Storport Miniport Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34350 | 6.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows Common Log File System Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-40407 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-40397 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Cloud Files Mini Filter Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-35418 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-33835 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-34337 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Win32K - ICOMP: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-33840 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-35417 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows GDI: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-35421 | 7.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Rich Text Edit: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-21530 | 6.70 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows TCP/IP: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34351 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-35422 | 6.50 | Omzeilen van beveiligingsmaatregel | \n| CVE-2026-40399 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-40405 | 7.50 | Denial-of-Service | \n| CVE-2026-40406 | 7.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-40414 | 7.40 | Denial-of-Service | \n| CVE-2026-40415 | 8.10 | Uitvoeren van willekeurige code | \n| CVE-2026-33837 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-34334 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-40401 | 6.20 | Denial-of-Service | \n| CVE-2026-40413 | 7.40 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows LDAP - Lightweight Directory Access Protocol: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34339 | 5.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows Telephony Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42825 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-34338 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-40382 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Message Queuing: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34329 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2026-33838 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows DWM Core Library: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-35419 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-42896 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-34336 | 7.80 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Link-Layer Discovery Protocol (LLDP): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34341 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\n```", "creation_timestamp": "2026-06-02T09:33:41.000000Z"} https://vulnerability.circl.lu/sighting/a62ca109-437b-4f56-a4ff-9c609f3644fe/export Tue, 02 Jun 2026 09:33:41 +0000