⚡ TL;DR | Go Straight to the February 2026 Patch Tuesday Audit Report
Patch Tuesday is once again upon us. As always, our team has put together the monthly Patch Tuesday Report to help you manage your update progress. The audit report gives you a quick and clear overview of your Windows machines and their patching status. The February 2026 edition of Patch Tuesday brings us 57 fixes, with 3 rated as critical, 6 of which is actively exploited. We’ve listed the most important changes below.
Windows Shell Security Feature Bypass Vulnerability
The first exploited vulnerability this month is CVE-2026-21510, a Windows Shell security feature bypass where a remote attacker, with no privileges, can trick a user into opening a malicious link or shortcut to bypass protections like SmartScreen and Windows Shell security prompts, potentially allowing attacker-controlled content to execute without warning.
Microsoft indicates exploitation has been detected.
MSHTML Framework Security Feature Bypass Vulnerability
The second exploited vulnerability this month is CVE-2026-21513, a security feature bypass in the MSHTML Framework where a remote attacker with no privileges can trick a user into opening a malicious HTML file or .lnk shortcut (via link/email/download) to bypass file execution prompts, potentially enabling attacker-controlled content to run and leading to code execution.
Microsoft Word Security Feature Bypass Vulnerability
Last but not least is a third exploited vulnerability CVE-2026-21514, a Microsoft Word security feature bypass where a user opening a booby-trapped Office document can cause Word to make security decisions based on untrusted input, undermining Microsoft 365/Office protections designed to block risky COM/OLE behavior (it does not trigger via the Preview Pane).
Run the Patch Tuesday February 2026 Audit
To help manage your update progress, we’ve created the Patch Tuesday Audit that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.
The Lansweeper Patch Tuesday report is automatically added to your Lansweeper Site. Lansweeper Sites is included in all our licenses without any additional cost and allows you to federate all your installations into one single view so all you need to do is look at one report, automatically added every patch Tuesday!
Patch Tuesday February 2026 CVE Codes & Titles
| CVE Number | CVE Title |
| CVE-2026-23655 | Microsoft ACI Confidential Containers Information Disclosure Vulnerability |
| CVE-2026-21537 | Microsoft Defender for Endpoint Linux Extension Remote Code Execution Vulnerability |
| CVE-2026-21533 | Windows Remote Desktop Services Elevation of Privilege Vulnerability |
| CVE-2026-21531 | Azure SDK for Python Remote Code Execution Vulnerability |
| CVE-2026-21529 | Azure HDInsight Spoofing Vulnerability |
| CVE-2026-21528 | Azure IoT Explorer Information Disclosure Vulnerability |
| CVE-2026-21527 | Microsoft Exchange Server Spoofing Vulnerability |
| CVE-2026-21525 | Windows Remote Access Connection Manager Denial of Service Vulnerability |
| CVE-2026-21523 | GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability |
| CVE-2026-21522 | Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability |
| CVE-2026-21519 | Desktop Window Manager Elevation of Privilege Vulnerability |
| CVE-2026-21518 | GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability |
| CVE-2026-21517 | Windows App for Mac Installer Elevation of Privilege Vulnerability |
| CVE-2026-21516 | GitHub Copilot for Jetbrains Remote Code Execution Vulnerability |
| CVE-2026-21514 | Microsoft Word Security Feature Bypass Vulnerability |
| CVE-2026-21513 | MSHTML Framework Security Feature Bypass Vulnerability |
| CVE-2026-21512 | Azure DevOps Server Cross-Site Scripting Vulnerability |
| CVE-2026-21511 | Microsoft Outlook Spoofing Vulnerability |
| CVE-2026-21510 | Windows Shell Security Feature Bypass Vulnerability |
| CVE-2026-21508 | Windows Storage Elevation of Privilege Vulnerability |
| CVE-2026-21261 | Microsoft Excel Information Disclosure Vulnerability |
| CVE-2026-21260 | Microsoft Outlook Spoofing Vulnerability |
| CVE-2026-21259 | Microsoft Excel Elevation of Privilege Vulnerability |
| CVE-2026-21258 | Microsoft Excel Information Disclosure Vulnerability |
| CVE-2026-21257 | GitHub Copilot and Visual Studio Elevation of Privilege Vulnerability |
| CVE-2026-21256 | GitHub Copilot and Visual Studio Remote Code Execution Vulnerability |
| CVE-2026-21255 | Windows Hyper-V Security Feature Bypass Vulnerability |
| CVE-2026-21253 | Mailslot File System Elevation of Privilege Vulnerability |
| CVE-2026-21251 | Cluster Client Failover (CCF) Elevation of Privilege Vulnerability |
| CVE-2026-21250 | Windows HTTP.sys Elevation of Privilege Vulnerability |
| CVE-2026-21249 | Windows NTLM Spoofing Vulnerability |
| CVE-2026-21248 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2026-21247 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2026-21246 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2026-21245 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2026-21244 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2026-21243 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability |
| CVE-2026-21242 | Windows Subsystem for Linux Elevation of Privilege Vulnerability |
| CVE-2026-21241 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2026-21240 | Windows HTTP.sys Elevation of Privilege Vulnerability |
| CVE-2026-21239 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2026-21238 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2026-21237 | Windows Subsystem for Linux Elevation of Privilege Vulnerability |
| CVE-2026-21236 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2026-21235 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2026-21234 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability |
| CVE-2026-21232 | Windows HTTP.sys Elevation of Privilege Vulnerability |
| CVE-2026-21231 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2026-21229 | Power BI Remote Code Execution Vulnerability |
| CVE-2026-21228 | Azure Local Remote Code Execution Vulnerability |
| CVE-2026-21222 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2026-21218 | .NET Spoofing Vulnerability |
| CVE-2026-20846 | GDI+ Denial of Service Vulnerability |
| CVE-2026-20841 | Windows Notepad App Remote Code Execution Vulnerability |
| CVE-2023-2804 | Red Hat, Inc. CVE-2023-2804: Heap Based Overflow libjpeg-turbo |
| CVE-2025-2884 | Cert CC: CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation |
| CVE-2016-9535 | MITRE CVE-2016-9535: LibTIFF Heap Buffer Overflow Vulnerability |