CVE Brief - May 24, 2026

Sunday, May 24, 2026

Today's Security Snapshot

Critical vulnerabilities, curated daily for security professionals

🎯 SSCV Profile

See how vulnerabilities affect your specific environment

CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework

Select your system profile:

Risk scores will be adjusted based on your selected environment

Today's Security Brief

Sunday's vulnerability landscape is dominated by ten actively exploited CVEs spanning Microsoft Defender, Trend Micro Apex One, Drupal Core, and a cluster of long-standing Microsoft client-side flaws. No new Critical or High-priority CVEs were disclosed yesterday, matching the prior day's zero Critical count and reflecting a -100% change in High-priority disclosures. Notable exploited issues include CVE-2026-41091 and CVE-2026-45498 in Microsoft Defender, CVE-2026-34926 in Trend Micro Apex One, and CVE-2026-9082 in Drupal Core, all rated CVSS 9.5. Endpoint security platforms and content management systems remain the focal point for attackers, alongside continued opportunistic exploitation of decade-old Microsoft Internet Explorer and DirectX vulnerabilities against unpatched environments. With zero new disclosures requiring triage, defenders should redirect capacity toward verifying patch coverage on the exploited products listed below.

Microsoft Defender and Trend Micro Apex One headline active exploitation, signaling attacker focus on endpoint security tooling itself
Zero new Critical CVEs disclosed (unchanged from prior day)
Zero new High-priority CVEs disclosed (-100% from prior day's 6)
Exploitation patterns span modern enterprise security products (Defender, Apex One, Langflow) and legacy Microsoft client software (IE, DirectX, Windows)
Patch availability for newly disclosed CVEs is 0% because no new CVEs were published; patches exist for all 10 actively exploited items
10 CVEs on the actively exploited list, including CVE-2026-9082 (Drupal Core) and CVE-2025-34291 (Langflow)

Immediate action: Prioritize patch verification on Microsoft Defender (CVE-2026-41091, CVE-2026-45498), Trend Micro Apex One (CVE-2026-34926), Drupal Core (CVE-2026-9082), and Langflow (CVE-2025-34291), since these are confirmed under active exploitation. Vendor patches are available for all ten exploited CVEs, so today's effort should focus on coverage gap analysis and confirming deployment across endpoint security and public-facing web stacks.

💡 Tip: Swipe CVE cards left to ⭐ star, right to ❌ remove

CISA Known Exploited Vulnerabilities

⚠️ CISA KEV URGENT

CVE-2026-9082

9.5

Drupal Core May 21, 2026

⏰ Federal Deadline: May 26, 2026 (3 days remaining)

Drupal Core SQL Injection Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2008-4250

9.5 📜 Late Disclosure

Microsoft Windows May 19, 2026

⏰ Federal Deadline: June 2, 2026 (10 days remaining)

Microsoft Windows Buffer Overflow Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2009-1537

9.5 📜 Late Disclosure

Microsoft DirectX May 19, 2026

⏰ Federal Deadline: June 2, 2026 (10 days remaining)

Microsoft DirectX NULL Byte Overwrite Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2009-3459

9.5 📜 Late Disclosure

Adobe Acrobat and Reader May 19, 2026

⏰ Federal Deadline: June 2, 2026 (10 days remaining)

Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2010-0249

9.5 📜 Late Disclosure

Microsoft Internet Explorer May 19, 2026

⏰ Federal Deadline: June 2, 2026 (10 days remaining)

Microsoft Internet Explorer Use-After-Free Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2010-0806

9.5 📜 Late Disclosure

Microsoft Internet Explorer May 19, 2026

⏰ Federal Deadline: June 2, 2026 (10 days remaining)

Microsoft Internet Explorer Use-After-Free Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2026-41091

9.5

Microsoft Defender May 19, 2026

⏰ Federal Deadline: June 2, 2026 (10 days remaining)

Microsoft Defender Link Following Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2026-45498

9.5

Microsoft Defender May 19, 2026

⏰ Federal Deadline: June 2, 2026 (10 days remaining)

Microsoft Defender Denial of Service Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2025-34291

9.5

Langflow Langflow May 20, 2026

⏰ Federal Deadline: June 3, 2026 (11 days remaining)

Langflow Origin Validation Error Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2026-34926

9.5

Trend Micro Apex One May 20, 2026

⏰ Federal Deadline: June 3, 2026 (11 days remaining)

Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

CVE Brief Security Intelligence

Today's Security Snapshot

🎯 SSCV Profile

Today's Security Brief

CISA Known Exploited Vulnerabilities

CVE-2026-9082

CVE-2008-4250

CVE-2009-1537

CVE-2009-3459

CVE-2010-0249

CVE-2010-0806

CVE-2026-41091

CVE-2026-45498

CVE-2025-34291

CVE-2026-34926

⭐ Starred CVEs

Today's Security Snapshot

🎯 SSCV Profile

📊 Today's Security Brief

Section Navigation

⚠️ CISA Known Exploited Vulnerabilities

⭐ Starred CVEs

Today's Security Brief

CISA Known Exploited Vulnerabilities