Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws

Tag

CVE ID

CVE Title

Severity

.NET

CVE-2026-26131

.NET Elevation of Privilege Vulnerability

Vital

.NET

CVE-2026-26127

.NET Denial of Service Vulnerability

Vital

Lively Listing Area Companies

CVE-2026-25177

Lively Listing Area Companies Elevation of Privilege Vulnerability

Vital

ASP.NET Core

CVE-2026-26130

ASP.NET Core Denial of Service Vulnerability

Vital

Azure Arc

CVE-2026-26141

Hybrid Employee Extension (Arc-enabled Home windows VMs) Elevation of Privilege Vulnerability

Vital

Azure Compute Gallery

CVE-2026-23651

Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability

Vital

Azure Compute Gallery

CVE-2026-26124

Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability

Vital

Azure Compute Gallery

CVE-2026-26122

Microsoft ACI Confidential Containers Data Disclosure Vulnerability

Vital

Azure Entra ID

CVE-2026-26148

Microsoft Azure AD SSH Login extension for Linux Elevation of Privilege Vulnerability

Vital

Azure IoT Explorer

CVE-2026-26121

Azure IOT Explorer Spoofing Vulnerability

Vital

Azure IoT Explorer

CVE-2026-23662

Azure IoT Explorer Data Disclosure Vulnerability

Vital

Azure IoT Explorer

CVE-2026-23661

Azure IoT Explorer Data Disclosure Vulnerability

Vital

Azure IoT Explorer

CVE-2026-23664

Azure IoT Explorer Data Disclosure Vulnerability

Vital

Azure Linux Digital Machines

CVE-2026-23665

Linux Azure Diagnostic extension (LAD) Elevation of Privilege Vulnerability

Vital

Azure MCP Server

CVE-2026-26118

Azure MCP Server Instruments Elevation of Privilege Vulnerability

Vital

Azure Portal Home windows Admin Middle

CVE-2026-23660

Home windows Admin Middle in Azure Portal Elevation of Privilege Vulnerability

Vital

Azure Home windows Digital Machine Agent

CVE-2026-26117

Arc Enabled Servers – Azure Linked Machine Agent Elevation of Privilege Vulnerability

Vital

Broadcast DVR

CVE-2026-23667

Broadcast DVR Elevation of Privilege Vulnerability

Vital

Linked Gadgets Platform Service (Cdpsvc)

CVE-2026-24292

Home windows Linked Gadgets Platform Service Elevation of Privilege Vulnerability

Vital

GitHub Repo: zero-shot-scfoundation

CVE-2026-23654

GitHub: Zero Shot SCFoundation Distant Code Execution Vulnerability

Vital

Mariner

CVE-2026-23235

f2fs: repair out-of-bounds entry in sysfs attribute learn/write

Vital

Mariner

CVE-2026-23234

f2fs: repair to keep away from UAF in f2fs_write_end_io()

Vital

Mariner

CVE-2026-3713

pnggroup libpng pnm2png pnm2png.c do_pnm2png heap-based overflow

Reasonable

Mariner

CVE-2026-23237

platform/x86: classmate-laptop: Add lacking NULL pointer checks

Reasonable

Mariner

CVE-2026-26017

CoreDNS ACL Bypass

Vital

Mariner

CVE-2026-26018

CoreDNS Loop Detection Denial of Service Vulnerability

Vital

Mariner

CVE-2026-2297

SourcelessFileLoader doesn’t use io.open_code()

Reasonable

Mariner

CVE-2026-0038

In a number of capabilities of mem_protect.c, there’s a doable approach to execute arbitrary code resulting from a logic error within the code. This might result in native escalation of privilege with no extra execution privileges wanted. Consumer interplay will not be wanted for exploitation.

Vital

Mariner

CVE-2026-27601

Underscore.js has limitless recursion in _.flatten and _.isEqual, potential for DoS assault

Vital

Mariner

CVE-2026-23236

fbdev: smscufx: correctly copy ioctl reminiscence to kernelspace

Reasonable

Mariner

CVE-2026-23865

An integer overflow within the tt_var_load_item_variation_store perform of the Freetype library in variations 2.13.2 and a couple of.13.3 could permit for an out of bounds learn operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This concern is mounted in model 2.14.2.

Reasonable

Mariner

CVE-2025-71238

scsi: qla2xxx: Repair bsg_done() inflicting double free

Reasonable

Mariner

CVE-2026-3338

PKCS7_verify Signature Validation Bypass in AWS-LC

Vital

Mariner

CVE-2026-23231

netfilter: nf_tables: repair use-after-free in nf_tables_addchain()

Vital

Mariner

CVE-2026-3381

Compress::Uncooked::Zlib variations by 2.219 for Perl use doubtlessly insecure variations of zlib

Vital

Mariner

CVE-2026-0031

In a number of capabilities of mem_protect.c, there’s a doable out of bounds write resulting from an integer overflow. This might result in native escalation of privilege with no extra execution privileges wanted. Consumer interplay will not be wanted for exploitation.

Vital

Mariner

CVE-2026-23238

romfs: examine sb_set_blocksize() return worth

Reasonable

Mariner

CVE-2026-3494

MariaDB Server Audit Plugin Remark Dealing with Bypass

Reasonable

Mariner

CVE-2026-3336

PKCS7_verify Certificates Chain Validation Bypass in AWS-LC

Vital

Mariner

CVE-2026-0032

In a number of capabilities of mem_protect.c, there’s a doable out-of-bounds write resulting from a logic error within the code. This might result in native escalation of privilege with no extra execution privileges wanted. Consumer interplay will not be wanted for exploitation.

Vital

Microsoft Authenticator

CVE-2026-26123

Microsoft Authenticator Data Disclosure Vulnerability

Vital

Microsoft Brokering File System

CVE-2026-25167

Microsoft Brokering File System Elevation of Privilege Vulnerability

Vital

Microsoft Gadgets Pricing Program

CVE-2026-21536

Microsoft Gadgets Pricing Program Distant Code Execution Vulnerability

Vital

Microsoft Edge (Chromium-based)

CVE-2026-3544

Chromium: CVE-2026-3544 Heap buffer overflow in WebCodecs

Unknown

Microsoft Edge (Chromium-based)

CVE-2026-3540

Chromium: CVE-2026-3540 Inappropriate implementation in WebAudio

Unknown

Microsoft Edge (Chromium-based)

CVE-2026-3536

Chromium: CVE-2026-3536 Integer overflow in ANGLE

Unknown

Microsoft Edge (Chromium-based)

CVE-2026-3538

Chromium: CVE-2026-3538 Integer overflow in Skia

Unknown

Microsoft Edge (Chromium-based)

CVE-2026-3545

Chromium: CVE-2026-3545 Inadequate knowledge validation in Navigation

Unknown

Microsoft Edge (Chromium-based)

CVE-2026-3541

Chromium: CVE-2026-3541 Inappropriate implementation in CSS

Unknown

Microsoft Edge (Chromium-based)

CVE-2026-3543

Chromium: CVE-2026-3543 Inappropriate implementation in V8

Unknown

Microsoft Edge (Chromium-based)

CVE-2026-3539

Chromium: CVE-2026-3539 Object lifecycle concern in DevTools

Unknown

Microsoft Edge (Chromium-based)

CVE-2026-3542

Chromium: CVE-2026-3542 Inappropriate implementation in WebAssembly

Unknown

Microsoft Graphics Element

CVE-2026-25169

Home windows Graphics Element Denial of Service Vulnerability

Vital

Microsoft Graphics Element

CVE-2026-25180

Home windows Graphics Element Data Disclosure Vulnerability

Vital

Microsoft Graphics Element

CVE-2026-25168

Home windows Graphics Element Denial of Service Vulnerability

Vital

Microsoft Graphics Element

CVE-2026-23668

Home windows Graphics Element Elevation of Privilege Vulnerability

Vital

Microsoft Workplace

CVE-2026-26110

Microsoft Workplace Distant Code Execution Vulnerability

Vital

Microsoft Workplace

CVE-2026-26113

Microsoft Workplace Distant Code Execution Vulnerability

Vital

Microsoft Workplace

CVE-2026-26134

Microsoft Workplace Elevation of Privilege Vulnerability

Vital

Microsoft Workplace Excel

CVE-2026-26144

Microsoft Excel Data Disclosure Vulnerability

Vital

Microsoft Workplace Excel

CVE-2026-26109

Microsoft Excel Distant Code Execution Vulnerability

Vital

Microsoft Workplace Excel

CVE-2026-26108

Microsoft Excel Distant Code Execution Vulnerability

Vital

Microsoft Workplace Excel

CVE-2026-26107

Microsoft Excel Distant Code Execution Vulnerability

Vital

Microsoft Workplace Excel

CVE-2026-26112

Microsoft Excel Distant Code Execution Vulnerability

Vital

Microsoft Workplace SharePoint

CVE-2026-26105

Microsoft SharePoint Server Spoofing Vulnerability

Vital

Microsoft Workplace SharePoint

CVE-2026-26114

Microsoft SharePoint Server Distant Code Execution Vulnerability

Vital

Microsoft Workplace SharePoint

CVE-2026-26106

Microsoft SharePoint Server Distant Code Execution Vulnerability

Vital

Microsoft Semantic Kernel Python SDK

CVE-2026-26030

GitHub: CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter performance susceptible

Vital

Fee Orchestrator Service

CVE-2026-26125

Fee Orchestrator Service Elevation of Privilege Vulnerability

Vital

Push Message Routing Service

CVE-2026-24282

Push message Routing Service Elevation of Privilege Vulnerability

Vital

Position: Home windows Hyper-V

CVE-2026-25170

Home windows Hyper-V Elevation of Privilege Vulnerability

Vital

SQL Server

CVE-2026-21262

SQL Server Elevation of Privilege Vulnerability

Vital

SQL Server

CVE-2026-26116

SQL Server Elevation of Privilege Vulnerability

Vital

SQL Server

CVE-2026-26115

SQL Server Elevation of Privilege Vulnerability

Vital

System Middle Operations Supervisor

CVE-2026-20967

System Middle Operations Supervisor (SCOM) Elevation of Privilege Vulnerability

Vital

Home windows Accessibility Infrastructure (ATBroker.exe)

CVE-2026-25186

Home windows Accessibility Infrastructure (ATBroker.exe) Data Disclosure Vulnerability

Vital

Home windows Accessibility Infrastructure (ATBroker.exe)

CVE-2026-24291

Home windows Accessibility Infrastructure (ATBroker.exe) Elevation of Privilege Vulnerability

Vital

Home windows Ancillary Perform Driver for WinSock

CVE-2026-25179

Home windows Ancillary Perform Driver for WinSock Elevation of Privilege Vulnerability

Vital

Home windows Ancillary Perform Driver for WinSock

CVE-2026-24293

Home windows Ancillary Perform Driver for WinSock Elevation of Privilege Vulnerability

Vital

Home windows Ancillary Perform Driver for WinSock

CVE-2026-25176

Home windows Ancillary Perform Driver for WinSock Elevation of Privilege Vulnerability

Vital

Home windows Ancillary Perform Driver for WinSock

CVE-2026-25178

Home windows Ancillary Perform Driver for WinSock Elevation of Privilege Vulnerability

Vital

Home windows App Installer

CVE-2026-23656

Home windows App Installer Spoofing Vulnerability

Vital

Home windows Authentication Strategies

CVE-2026-25171

Home windows Authentication Elevation of Privilege Vulnerability

Vital

Home windows Bluetooth RFCOM Protocol Driver

CVE-2026-23671

Home windows Bluetooth RFCOM Protocol Driver Elevation of Privilege Vulnerability

Vital

Home windows Gadget Affiliation Service

CVE-2026-24296

Home windows Gadget Affiliation Service Elevation of Privilege Vulnerability

Vital

Home windows Gadget Affiliation Service

CVE-2026-24295

Home windows Gadget Affiliation Service Elevation of Privilege Vulnerability

Vital

Home windows DWM Core Library

CVE-2026-25189

Home windows DWM Core Library Elevation of Privilege Vulnerability

Vital

Home windows Extensible File Allocation

CVE-2026-25174

Home windows Extensible File Allocation Desk Elevation of Privilege Vulnerability

Vital

Home windows File Server

CVE-2026-24283

A number of UNC Supplier Kernel Driver Elevation of Privilege Vulnerability

Vital

Home windows GDI

CVE-2026-25190

GDI Distant Code Execution Vulnerability

Vital

Home windows GDI+

CVE-2026-25181

GDI+ Data Disclosure Vulnerability

Vital

Home windows Kerberos

CVE-2026-24297

Home windows Kerberos Safety Function Bypass Vulnerability

Vital

Home windows Kernel

CVE-2026-26132

Home windows Kernel Elevation of Privilege Vulnerability

Vital

Home windows Kernel

CVE-2026-24289

Home windows Kernel Elevation of Privilege Vulnerability

Vital

Home windows Kernel

CVE-2026-24287

Home windows Kernel Elevation of Privilege Vulnerability

Vital

Home windows MapUrlToZone

CVE-2026-23674

MapUrlToZone Safety Function Bypass Vulnerability

Vital

Home windows Cellular Broadband

CVE-2026-24288

Home windows Cellular Broadband Driver Distant Code Execution Vulnerability

Vital

Home windows NTFS

CVE-2026-25175

Home windows NTFS Elevation of Privilege Vulnerability

Vital

Home windows Efficiency Counters

CVE-2026-25165

Efficiency Counters for Home windows Elevation of Privilege Vulnerability

Vital

Home windows Print Spooler Parts

CVE-2026-23669

Home windows Print Spooler Distant Code Execution Vulnerability

Vital

Home windows Projected File System

CVE-2026-24290

Home windows Projected File System Elevation of Privilege Vulnerability

Vital

Home windows Resilient File System (ReFS)

CVE-2026-23673

Home windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

Vital

Home windows Routing and Distant Entry Service (RRAS)

CVE-2026-26111

Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability

Vital

Home windows Routing and Distant Entry Service (RRAS)

CVE-2026-25173

Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability

Vital

Home windows Routing and Distant Entry Service (RRAS)

CVE-2026-25172

Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability

Vital

Home windows Shell Hyperlink Processing

CVE-2026-25185

Home windows Shell Hyperlink Processing Spoofing Vulnerability

Vital

Home windows SMB Server

CVE-2026-26128

Home windows SMB Server Elevation of Privilege Vulnerability

Vital

Home windows SMB Server

CVE-2026-24294

Home windows SMB Server Elevation of Privilege Vulnerability

Vital

Home windows System Picture Supervisor

CVE-2026-25166

Home windows System Picture Supervisor Evaluation and Deployment Package (ADK) Distant Code Execution Vulnerability

Vital

Home windows Telephony Service

CVE-2026-25188

Home windows Telephony Service Elevation of Privilege Vulnerability

Vital

Home windows Common Disk Format File System Driver (UDFS)

CVE-2026-23672

Home windows Common Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

Vital

Home windows Win32K

CVE-2026-24285

Win32k Elevation of Privilege Vulnerability

Vital

Winlogon

CVE-2026-25187

Winlogon Elevation of Privilege Vulnerability

Vital