Microsoft’s June 2026 Patch Tuesday updates fix roughly 200 vulnerabilities discovered in the company’s products.
None of the flaws addressed this month appears to have been exploited in the wild, but three issues were publicly disclosed before Microsoft patched them.
One of them is CVE-2026-49160, described as a denial-of-service (DoS) issue affecting Windows. This vulnerability is related to HTTP2/Bomb, an attack technique that could affect hundreds of thousands of websites and can be used to knock web servers offline in seconds.
Another disclosed vulnerability is CVE-2026-50507, a Windows BitLocker security bypass that can allow an attacker with physical access to the targeted system to access encrypted data.
The security hole may be related to YellowKey, one of several exploits released by a researcher known online as Chaotic Eclipse and Nightmare Eclipse, who began leaking PoC code after a disagreement with Microsoft. Several of the exploits leaked by the researcher have been exploited in the wild.











