May 2026 Patch Tuesday: 137 Vulnerabilities, No Zero-Days

Microsoft's May 2026 Patch Tuesday addresses 137 vulnerabilities (30 Critical), including several high-CVSS remote code execution and elevation-of-privilege flaws such as CVE-2026-42826 (CVSS 10.0) and multiple networking-related RCEs; the release contains no zero-days or reported active exploitation, but organizations are urged to prioritize patching for domain controllers, DNS Client, Netlogon, Dynamics 365 on-premises, Hyper-V, Office/Word, and affected cloud services.