Blame AI: Patch Tuesday Hits Record 206 CVEs

Voluminous patch updates could soon be the norm, as artificial intelligence accelerates the speed and scale of vulnerability discovery.

June 9, 2026

Microsoft's June 2026 Patch Tuesday update with fixes for a record 206 unique CVEs is the latest sign of what is quickly becoming the new normal for organizations as AI accelerates vulnerability discovery.

Three of the flaws in the mammoth update are previously disclosed zero-day bugs. They are part of a broader set of 13 vulnerabilities Microsoft flagged as "Exploitation More Likely," indicating heightened near-term risk for organizations. The update also includes 32 critical-severity vulnerabilities, five of which carry CVSS scores of 9.0 or higher on the 10-point scale.

As has been the case recently, a high percentage of vulnerabilities in the release are either remote code execution (RCE) vulnerabilities or elevation of privilege (EoP) bugs. Other, relatively less common vulnerability types include those that enable denial-of-service conditions, data theft, and security features bypass.