Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103)

Microsoft's May 2026 Patch Tuesday addressed 118 CVEs (16 critical, 102 important), with elevation-of-privilege issues comprising ~48.3% and remote code execution ~24.6% of fixes. Notable fixes include a critical Microsoft SSO Plugin for Jira & Confluence EoP (CVE-2026-41103, CVSS 9.1, Exploitation More Likely), multiple Windows Kernel EoPs (CVE-2026-33841, CVE-2026-35420, CVE-2026-40369), several Microsoft Word RCEs exploitable via emailed/malicious documents, and a high-severity Netlogon RCE (CVE-2026-41089, CVSS 9.8) assessed as “Exploitation Less Likely.” Tenable recommends prompt patching and scanning to identify unpatched systems; Microsoft reported no zero-days observed exploited in the wild for this release.