CVE-2026-20929 Windows HTTP.sys Elevation of Privilege Vulnerability
Published January 16, 2026
Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network.
Microsoft Security Response Center Blog Alerts
CVE-2026-20867 Windows Management Services Elevation of Privilege Vulnerability
Published January 16, 2026
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20849 Windows Kerberos Elevation of Privilege Vulnerability
Published January 16, 2026
Reliance on untrusted inputs in a security decision in Windows Kerberos allows an authorized attacker to elevate privileges over a network.
Chromium: CVE-2026-0908 Use after free in ANGLE
Published January 16, 2026
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.
Chromium: CVE-2026-0907 Incorrect security UI in Split View
Published January 16, 2026
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.
Chromium: CVE-2026-0905 Insufficient policy enforcement in Network
Published January 16, 2026
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.
Chromium: CVE-2026-0906 Incorrect security UI
Published January 16, 2026
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.
Chromium: CVE-2026-0904 Incorrect security UI in Digital Credentials
Published January 16, 2026
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.
Chromium: CVE-2026-0903 Insufficient validation of untrusted input in Downloads
Published January 16, 2026
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.
Chromium: CVE-2026-0902 Inappropriate implementation in V8
Published January 16, 2026
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.
