Technology11 sources · 11 articles

Microsoft patches 137 vulnerabilities in May 2026 Patch Tuesday

Microsoft's May 2026 Patch Tuesday addressed 137 CVEs across its product line, with sources citing between 13 and 30 rated critical and no actively exploited zero-days reported.

First reported

By Cisco Talos on May 11, 2026 at 8:00 PM EDT

Last update

May 14, 2026 at 5:14 AM EDT

11 sources · 11 articles

11 sources write about this

CyberScoopDark ReadingSecurityWeekCisco TalosThe RegisterSANS Internet Storm CenterSplashtopLansweeper

Framing Analytics

How the story is being framed

Signals that separate source coverage from tone, framing, factual density, and emotional pull.

Not a truth score

Reality Gap

0/100

Broad agreement in the source set

Shared realitySeparate realities

Hype Meter

15/100

Mostly restrained tone

Fact Density

90% facts

10% opinion, speculation, or commentary

90%

Hard facts

10%

Opinion / framing

Emotion Radar

Fear 0/10

Detected emotional pull in coverage

0/10

Fear

0/10

Anger

0/10

Hope

0/10

Joy / Pride

Coverage Spectrum

Center coverage leads this sample

This is not a truth score. It shows which parts of the media landscape are covering the story.

Center

Left

100%

Center

Right

No tracked coverage from left or right sources in this sample.

Blindspot: Coverage is concentrated among mainstream national outlets; partisan, local, and niche publishers may still be underrepresented in this sample.

Microsoft patches 137 vulnerabilities in May 2026 Patch Tuesday — Photo: Image via unsplash (Image for illustrative purposes only)

In brief

Microsoft's May 2026 Patch Tuesday addressed 137 CVEs across its product line, with sources citing between 13 and 30 rated critical and no actively exploited zero-days reported.

Facts about this story

1
Microsoft's May 2026 Patch Tuesday addressed a total of 137 CVEs, as reported by the majority of sources.
2
The number of critical-rated vulnerabilities varies by source, with figures ranging from 13 to 30 depending on classification methodology.
3
No zero-day vulnerabilities under active exploitation were included in the May 2026 release.
4
Cisco Talos and SOCRadar published Snort rules and prioritization guidance alongside the update.
5
The release follows Microsoft's standard second-Tuesday-of-the-month patch cadence.

How outlets are covering it

CyberScoop

2 days ago

Microsoft addresses 137 vulnerabilities in May’s Patch Tuesday, including 13 rated critical

“CyberScoop leads with the headline CVE total and critical count, framing the release as a significant but zero-day-free monthly update.”

Read original source

Dark Reading

2 days ago

It's Patch Tuesday for Microsoft & Not a Zero-Day In Sight

“Dark Reading emphasizes the absence of zero-days as the defining characteristic of this release.”

Read original source

SecurityWeek

1 day ago

Microsoft Patches 137 Vulnerabilities

“SecurityWeek takes a straightforward volume-focused approach, leading with the aggregate CVE count.”

Read original source

Cisco Talos

2 days ago

Microsoft Patch Tuesday for May 2026 — Snort rules and prominent vulnerabilities

“Cisco Talos provides practitioner-oriented coverage, pairing vulnerability analysis with ready-to-deploy Snort detection rules.”

Read original source

The Register

1 day ago

Doozy of a Patch Tuesday includes 30 critical Microsoft CVEs

“The Register reports a higher critical count of 30, reflecting a broader classification scope, and frames the release as unusually large.”

Read original source

SANS Internet Storm Center

1 day ago

Microsoft May 2026 Patch Tuesday

“SANS Internet Storm Center offers a technical digest aimed at security operations teams.”

Read original source

Splashtop

2 days ago

May 2026 Patch Tuesday - 137 CVEs to Prioritize

“Splashtop frames the release through a prioritization lens for IT administrators managing endpoints.”

Read original source

Lansweeper

1 day ago

Microsoft Patch Tuesday – May 2026

“Lansweeper provides asset-management-oriented coverage to help teams inventory affected systems.”

Read original source

Tenable

1 day ago

Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs

“Tenable reports a lower CVE count of 118, reflecting a scoping difference, and highlights one specific CVE identifier in its analysis.”

Read original source

Eastern Herald

1 day ago

Microsoft Fixes 120 Windows Flaws in Massive May 2026 Patch Tuesday

“Eastern Herald focuses specifically on the Windows platform subset of the broader release, citing a figure of 120 flaws.”

Read original source

X/Twitter: SOCRadar

2 days ago

May 2026 Patch Tuesday: 137 Vulnerabilities, No Zero-Days

“SOCRadar's social post concisely confirms the 137-CVE total and the absence of zero-days, consistent with mainstream reporting.”

Read original source

Background

Microsoft's Patch Tuesday is a monthly structured disclosure cycle, released on the second Tuesday of each month, through which the company addresses security vulnerabilities across Windows, Office, Azure, and related software. The format allows enterprise IT and security teams to plan, test, and stage updates systematically, though the urgency of any given month's release depends on the severity and exploitability of included flaws. The absence of zero-days in May 2026 is a notable distinction from several recent cycles in which Microsoft disclosed vulnerabilities already under active exploitation at time of patching. Variation in reported CVE and critical-flaw counts across outlets reflects differing scoping conventions - some vendors exclude third-party or advisory-only entries - rather than factual disagreement about the underlying release.