Brinqa Research

The New Normal: Volume Is Elevated, AI Is In the Stack, and the Next Wave Is Coming.

by Brad Hibbert, COO & CSO | 27 min read

May 2026 Patch Tuesday arrived today with 120 confirmed Microsoft CVEs, 128 additional Edge/Chromium fixes, and patches landing across AI tooling including M365 Copilot, GitHub Copilot, and Azure ML for the first time as a meaningful attack surface category. We updated our monthly analysis with verified May data alongside the full April record.


This is the second edition of the Brinqa Research Team monthly vulnerability landscape analysis. If you missed April's edition, the background: on April 7, Anthropic announced Project Glasswing and Claude Mythos Preview, a model capable of autonomously finding and chaining zero-day vulnerabilities at a scale and speed that previously required elite human researchers. Anthropic restricted access to a closed coalition of roughly 50 organizations including Microsoft, Google, Apple, Cisco, CrowdStrike, and Palo Alto Networks with a mandate to use it defensively. The April edition covered the initial patch surge that followed.

Five weeks later, May Patch Tuesday landed today and the picture is sharpening. April was the record-setting opening act, with two actively exploited zero-days and simultaneous spikes across every major vendor. May pulls the core count back from that peak but volume is still 43% above the Q1 baseline. What changed this month is the character of what is being patched. AI tooling appeared as a meaningful patch category for the first time, with Microsoft shipping security fixes for M365 Copilot, GitHub Copilot, and Azure Machine Learning. Mozilla disclosed that running Mythos against Firefox 150 before release surfaced 271 vulnerabilities, the first concrete data point on what AI-assisted discovery looks like at scale in a real production codebase. And Oracle restructured its patch release cadence for the first time in two decades.

The coordinated Mythos disclosure wave has not started. The early July window is approximately eight weeks out. Here is the verified monthly data and what it means for your exposure management program.

The Numbers: April Set the Record, May Confirms the New Floor

Each month we pull vendor advisory data and cross-reference it against independent analysis from Tenable, Qualys, CrowdStrike, Rapid7, BleepingComputer, and the Zero Day Initiative. The counting methodologies vary across sources, and we note where they diverge. Here is the verified 2026 picture through today.

Microsoft: April Tied the All-Time Record, May Runs 43% Above the Pre-April Baseline

Microsoft's April Patch Tuesday addressed 167 CVEs, tying the all-time single-month record set in October 2025. Tenable's Senior Staff Research Engineer Satnam Narang confirmed it as "the second-biggest Patch Tuesday ever for Microsoft." On top of those 167, Microsoft shipped patches for 80 additional browser vulnerabilities in a single week.

May came in at 120 core CVEs confirmed by BleepingComputer, a meaningful step down from April's record but still 43% above the Q1 monthly average of 84. Qualys counts 137 when Azure, Copilot, and Edge fixes are included. May is the first Patch Tuesday with no confirmed zero-days at release since June 2024. That is genuinely notable, but it does not change the workload for remediation teams. Twenty-nine of the May CVEs are rated Critical Remote Code Execution (RCE) flaws, several carry CVSS scores above 9.0, and two of the highest-severity Windows flaws are rated Exploitation More Likely by Microsoft's own assessment.

It is also worth noting that Microsoft issued two out-of-band emergency patches after April's release. The first addressed domain controllers entering restart loops. The second, issued April 21, closed CVE-2026-40372, a Critical ASP.NET Core privilege escalation at CVSS 9.1. Teams that applied April updates without the OOB fixes should treat May as a catch-up priority on both counts.

Month           Core CVEs   MoM Change   Browser CVEs   Notable
January 2026    114         baseline     ~15            Already elevated; 3 zero-days
February 2026   58          -49%         ~15            6 actively exploited zero-days
March 2026      70          +36%         ~21            AI-discovered CVSS 9.8 RCE
April 2026      167         +111%        80             Tied all-time record; 2x Q1 avg
May 2026        120         -28%         128            First zero-day-free since Jun 2024

The five-month view tells the real story. The Q1 baseline was 84 CVEs per month. April spiked to 167, exactly double that average. May steps back to 120, which sounds like normalization until you compare it to where the year started. It is still 43% above the Q1 baseline, and two months above the old norm now sit back-to-back. What looked like a one-month shock in April is beginning to look like the new operating range.

The browser column is where May provides the other insight. Core Windows CVEs fell 28% from April to May. But browser CVEs rose from 80 to 128, a 60% increase. The total patching workload, core plus browser, was 247 in April and 248 in May, or effectively flat. For remediation teams, May did not get easier. The mix shifted.

Google Chrome and Firefox: Browser Volumes Stay Elevated, Mozilla Moves to Weekly Releases

Browser patching tells a different story from the Microsoft core count this month. Qualys confirmed 128 Edge/Chromium CVEs patched by Microsoft earlier in May, separate from the Patch Tuesday release. April's browser total was 80. The browser side of the ledger actually increased month over month even as the core Windows count pulled back. Mozilla has accelerated from monthly to weekly Firefox security releases. Ivanti Senior Product Manager Todd Schell attributed the acceleration directly to the volume of findings coming through Glasswing-adjacent research.

Adobe: 52 CVEs Across 10 Products in May

Adobe shipped 52 CVEs across 10 advisories in May covering Premiere Pro, Media Encoder, After Effects, Commerce, Connect, Illustrator, Substance 3D Designer, Content Credentials SDK, Substance 3D Sampler, and Substance 3D. This compares to 61 CVEs across 12 products in April. No zero-days confirmed at release. ColdFusion carries a Priority 1 rating given its history as an actively targeted platform.

New This Month: AI Tooling Is Now a Patch Category

Microsoft patched spoofing and security feature bypass vulnerabilities in M365 Copilot for Desktop and Android, GitHub Copilot with Visual Studio, and Azure Machine Learning notebooks. These represent the first time AI-specific attack surface has appeared as a meaningful patch category in a standard monthly release.

The implications are practical and immediate. M365 Copilot and Azure ML are primarily cloud services patched by Microsoft without customer action. But the M365 Copilot for Desktop client, the GitHub Copilot extensions in VS Code, Visual Studio, and JetBrains, and the Azure ML SDK and notebook environments all have client-side components that require active updates. Most organisations have not yet included AI tooling in their vulnerability management scope, which means these patches are currently invisible to most exposure management programs.

May 2026 Patch Tuesday

What the Security Industry Is Saying

We track analyst and vendor commentary each month alongside the advisory data. Tenable, ZDI, and Rapid7 all published May 12 analysis and we use those directly below. Qualys published their May review this morning and we summarise their findings. Oracle and Mozilla structural changes are covered in the section above.

Oracle announced that beginning May 28 it will deliver a monthly Critical Security Patch Update (CSPU) in addition to its existing quarterly releases, adding a faster lane for critical issues between quarterly release dates. Oracle cited AI-driven vulnerability discovery rates as the driver. Mozilla has now been shipping weekly Firefox security updates for several weeks. Two of the largest enterprise software ecosystems in the world just restructured their patch release cadence because existing cycles are no longer fast enough for the discovery environment they are operating in.

Rapid7 — May 12, 2026 Analysis

Rapid7 identified three headline concerns in May's release: the Windows Netlogon stack-based buffer overflow at CVSS 9.8 that grants SYSTEM privileges on domain controllers with no credentials or user interaction required; the Windows DNS Client RCE exploitable by influencing DNS responses across the enterprise; and the Entra ID authentication bypass allowing an unauthorised attacker to impersonate an existing user. Rapid7 noted all three require patching in the same maintenance window without exception.

Tenable — Satnam Narang, Senior Research Engineer (May 12, 2026)

"The May 2026 Patch Tuesday Release breaks a long-standing streak as the first release in nearly two years not to include a zero-day. Every release since July 2024 has included at least one zero-day either exploited or publicly disclosed, averaging 3.5 per month across a 22-month streak." On the four critical Word RCE bugs: "These flaws could be exploited by an attacker who sends a malicious document to a target. A target doesn't need to even open the document to trigger the exploit. Exploitation is possible just by viewing a malicious document in the Preview Pane."

Qualys — May 12, 2026 Analysis

Qualys confirmed 137 CVEs in May including 128 Edge/Chromium fixes patched earlier in the month. Their analysis flagged a type confusion vulnerability in Microsoft Word allowing unauthenticated RCE, an Adobe Commerce release with 15 bugs and a deployment priority of 2, and the Adobe Connect patch covering two CVSS 9-rated vulnerabilities. Qualys noted May reinforces "the ongoing need for timely patching in an increasingly threat-heavy landscape" as volume remains structurally elevated from the pre-April baseline.

Zero Day Initiative — Dustin Childs (May 12, 2026)

"This large volume of fixes follows the largest monthly release in Microsoft's history and reflects the trend across the industry of a high number of submissions. While not all of these bugs were found by AI, it's likely they had an AI-related component." On the DNS Client RCE: "An attacker with a position to influence DNS responses, whether through a MitM position or a rogue server, could achieve unauthenticated RCE across your enterprise." On Netlogon: "a compromised domain controller is a compromised domain."

A common theme here is that the gap between finding more vulnerabilities and knowing which ones matter in your specific environment does not close by adding more scanners.

The Exploitation Window Is Already Collapsing

CrowdStrike's 2026 Global Threat Report found AI-enabled adversary attacks increased 89% year over year. The fastest recorded attacker breakout time is now 27 seconds. Average is 29 minutes. Qualys's Broken Physics of Remediation report, analysing over one billion CISA KEV records across 10,000 organisations, found that 88% of critical actively weaponized vulnerabilities were remediated slower than attackers exploited them, and 63% of critical flaws were still open at Day 7 in 2025. Qualys TRU research found half of actively weaponized critical vulnerabilities were exploited before a patch was available, and Google M-Trends 2026 puts the average time-to-exploit for the most serious vulnerabilities at minus seven days.

That gap between exploitation and remediation is the operational reality for every unpatched vulnerability in the environment today.

Exploitation and Remediation Gap by the Numbers

The NVD Enrichment Gap: One Month In

We covered this in the April edition. The short version for new readers: on April 15, NIST announced the National Vulnerability Database can no longer enrich all CVEs and began prioritizing only those in the CISA KEV catalog, federal software, and EO 14028 critical software. Everything else is lowest priority. CVEs reported before March 1 that remain unenriched may never receive enrichment.

One month on, the practical consequences are becoming clearer. The daily CVE disclosure rate is running at approximately 175 per day in 2026, which is over 1,200 new CVEs entering the ecosystem every week. At that rate, the unenriched backlog is not stable and is growing. When newly disclosed CVEs arrive without enriched severity data, teams relying on NVD CVSS scores for triage have no automated signal at the moment they need it most.

The May Patch Tuesday release makes this concrete. Of the 120 core Microsoft CVEs patched today, a meaningful share will enter scanner feeds without enriched metadata for organizations whose tools depend on NVD as their primary scoring source. The same applies to Adobe's 52 CVEs and the Linux kernel advisories. This is the operating condition for vulnerability management programs right now, and it worsens every month as CVE volume stays elevated.

The unenriched gap is not self-correcting: FIRST forecasts 50,000 or more new CVEs in 2026. Cisco Threat Detection researcher Jerry Gamblin projects 70,135. NIST cannot process that volume at current resourcing. Teams that have not yet replaced NVD CVSS as their primary severity signal need an alternative enrichment source. Without one, prioritization quality degrades in direct proportion to CVE volume growth, which is moving in one direction.

Year                                           CVEs Published   YoY Change
2020                                           18,323           Baseline
2021                                           20,153           +10%
2022                                           25,084           +24%
2023                                           29,066           +16%
2024                                           40,313           +39%
2025                                           48,185           +21%
2026 (Q1 YTD, on pace for 59,000 to 70,000+)   17,729+          +22-45% est.

Sources: Jerry Gamblin 2025 CVE Data Review; NIST VulnCon26; FIRST. 263% CVE growth 2020-2025. Q1 2026 +33% above Q1 2025.

The Real Wave Has Not Hit Yet — But We Are Getting Concrete Numbers

The April spike was not primarily Mythos. Rapid7's Glasswing analysis confirmed the browser CVE spike was already in testing pipelines before the April 7 announcement. What we saw in April reflects AI-assisted vulnerability tooling broadly across the entire research community, not just Glasswing partners.

The Mythos wave is still queued. But May gave us the first concrete public data point on what that wave looks like at scale.

Mozilla disclosed that running Mythos against Firefox 150 before release found 271 vulnerabilities. Mozilla has since shifted from monthly to weekly security releases. Ivanti's Todd Schell noted this is "the beginning" of AI reshaping how the industry approaches patch management. Red Hat published a formal Glasswing FAQ confirming they are actively monitoring Mythos disclosures against RHEL and OpenShift.

VulnCheck researcher Patrick Garrity's full CVE database scan still shows only one CVE directly attributable to Glasswing: CVE-2026-4747, the FreeBSD NFS remote code execution bug. Anthropic confirmed over 99% of Mythos-found vulnerabilities remain undisclosed. The 90-day report is due in early July, putting the coordinated disclosure window approximately eight weeks out.

If discovery is cheap and getting cheaper, the scarce resource Glasswing actually organizes is not model access. It is the institutional capacity to close the loop from discovery through verified remediation.

— Internet Governance Project, April 2026

When the July disclosures start moving, organisations running software across Glasswing member stacks, which is essentially every enterprise, will face coordinated patch releases from multiple vendors simultaneously. Qualys SVP Shailesh Athalye framed it well: "A vulnerability found by any tool does not automatically make it a risk in your environment. A moderate-severity flaw in an exposed, unpatched internet-facing service with active exploit code in the wild very much is."

Beyond Microsoft: Linux, Apache, and Oracle Join the Surge

The Linux kernel saw its second universal local privilege escalation vulnerability in eight days this month. The first, Copy Fail, landed April 29. The second, Dirty Frag, was disclosed May 7 with a working public proof-of-concept available the same day, before major distributions had shipped patched kernels. Both allow an unprivileged local user to reach root on most Linux distributions, and security researchers confirmed Dirty Frag additionally enables container escape scenarios in unconstrained Docker and Kubernetes environments. Ubuntu, Red Hat, and AlmaLinux all published advisories within 24 hours of disclosure.

Apache HTTP Server received a significant patch for CVE-2026-23918, a double-free memory corruption flaw in the HTTP/2 protocol handling rated CVSS 8.8. The issue affects only version 2.4.66 and is confirmed to enable denial-of-service on default deployments. Researchers demonstrated Remote Code Execution (RCE) in lab conditions on Debian-packaged Apache and official Docker images. If your Apache deployments are not yet confirmed running 2.4.67, that confirmation belongs on this week's list.

Oracle announced that beginning May 28 it will issue monthly Critical Security Patch Updates (CSPUs) in addition to its existing quarterly cycle. Oracle cited AI-driven vulnerability discovery rates as the driver. For organisations running Oracle Database, Fusion Middleware, or E-Business Suite on-premises, the patching cadence they have operated under for over two decades is changing. The quarterly cycle continues, but critical patches will now also land mid-quarter.

The Instinct to Add More Scanners Is Wrong

Your scanners are built to answer one question: what vulnerabilities exist in my environment? That question just got significantly harder. But the question your team actually needs to answer is different: which of these vulnerabilities represent real, exploitable risk to my business right now, with my compensating controls in place, against my most critical assets?

Scanners do not answer that question. They surface raw findings. The gap between a scanner finding and a remediated risk passes through deduplication, context enrichment, prioritization, routing, ticketing, tracking, and validation. Every handoff is a delay. Every delay is exposure time. And the NVD enrichment pullback means the raw severity data feeding into that process is increasingly incomplete for a growing share of CVEs.

Where Brinqa Fits in This Environment

Brinqa's CyberRisk Graph™ normalizes vulnerability findings from across your scanner ecosystem including Tenable, Qualys, Rapid7, CrowdStrike, Microsoft Defender, and more, and correlates them against actual asset context, business criticality, compensating controls, and real-world exploit intelligence. That correlation is what turns raw CVE volume into actionable, prioritized risk.

  • Aggregation across scanners. When April delivered 247 Microsoft CVEs and May followed with 248, Brinqa deduplicates, normalizes, and scores across both months against your specific environment rather than a generic CVSS baseline that NVD may no longer be enriching.
  • Context-aware prioritization. A critical CVE on an internet-facing unpatched asset with active exploit code is not the same risk as the same CVE on an air-gapped system behind compensating controls. Brinqa knows the difference. Your scanner does not.
  • Cross-scanner deduplication. When Tenable, Qualys, and CrowdStrike all flag the same vulnerability, Brinqa collapses it to a single finding with full source attribution. Three tools reporting the same CVE is not three times the risk, and it should not generate three times the tickets.
  • SmartFlow-driven remediation routing. Findings route automatically to the right owners with context, SLA enforcement, and escalation. This is how you begin closing the gap where 88% of critical KEV vulnerabilities are currently remediated slower than attackers exploit them.
  • Exploitation signal integration via BrinqaIQ. Your team works the vulnerabilities attackers are actually using, not the ones with the highest CVSS scores, some of which may no longer carry enriched NVD data.

Five Recommendations for your Patching Process Before July

1. Audit your scanner-to-ticket pipeline now.

If findings still require manual triage before reaching a remediation owner, that process will not hold at the volume levels we are seeing. Map every handoff and start automating the ones that do not require human judgement. The coordinated Mythos disclosure wave is not going to pause for change management approval cycles.

2. Rethink your primary metric.

Mean time to remediate is a compliance metric. The metric that maps to actual risk in this environment is Average Window of Exposure: the time between a confirmed exploitable vulnerability entering your environment and its validated closure. Most organisations cannot currently calculate that number, which is the problem worth solving before July.

3. Audit your legacy software surface.

The Linux kernel vulnerabilities patched this month date back to code introduced in 2017. Mythos has surfaced flaws that are 13, 16, and 27 years old in widely deployed production software. If your environment includes open-source components, edge infrastructure, or OT systems without a recent deep security review, the working assumption should be that undiscovered vulnerabilities exist in them.

4. Compress your emergency patch timeline.

April included unauthenticated RCE flaws rated CVSS 9.8. May has a Windows Netlogon RCE at CVSS 9.8 affecting every domain controller running a supported Windows Server version. If your change management process takes two weeks to approve an emergency patch on a Tier 1 internet-facing asset, that timeline needs to shrink to hours. Build and test that process now, while it can still be planned rather than improvised.

5. Prepare now for the July disclosure window.

Anthropic's 90-day summary report is due around July 6. When it publishes, coordinated CVE disclosures across multiple Glasswing vendors will follow. Based on Mozilla's 271 pre-release findings in Firefox alone, the July wave will likely exceed anything April delivered. The organisations that are ready will have pre-staged intake workflows, triage automation, and escalation paths already built.

April set the baseline and May confirms it was not a one-time event. Volume is elevated, the new Linux kernel flaws and Apache HTTP/2 patch reinforce this is not a Microsoft-specific story, AI tooling is now part of what gets patched every month, Oracle added a monthly patch cadence alongside quarterly for the first time, and the Mythos coordinated disclosure is approximately eight weeks out. Security teams that treat May as a quieter month relative to April are reading the wrong indicator.

We will publish the June edition on the next Patch Tuesday.

If you're working through what elevated CVE volume means for your program, speak with a Brinqa Expert about where it stands today.


SOURCES AND REFERENCES — UPDATED MAY 12, 2026

1. Anthropic, Claude Mythos Preview / Project Glasswing, April 7, 2026. red.anthropic.com

2. BleepingComputer: Jan 114, Feb 58, Mar 79, Apr 167, May 120 CVEs. bleepingcomputer.com/tag/patch-tuesday

3. Tenable, April 2026 Patch Tuesday — 163 CVEs, April 14, 2026. Satnam Narang: "second-biggest Patch Tuesday ever." tenable.com

4. CrowdStrike, April 2026 Patch Tuesday Analysis, April 14, 2026. crowdstrike.com

5. Rapid7, Patch Tuesday April 2026, April 14, 2026. Adam Barnett: "A safe conclusion is that this increase in volume is driven by ever-expanding AI capabilities." rapid7.com

6. Zero Day Initiative, April 2026 Security Update Review, April 14, 2026. "Our incoming rate has essentially tripled." zerodayinitiative.com

7. Qualys, The Mythos Inflection Point, Shailesh Athalye SVP, April 16, 2026. blog.qualys.com

8. IANS Research, Project Glasswing Exposes the Next Challenge for Vulnerability Management, April 13, 2026. iansresearch.com

9. BankInfoSecurity, Claude Mythos Preview Creates Early Edge for Cyber Titans, April 9, 2026. Forrester: "This will break the vulnerability management playbook." bankinfosecurity.com

10. CrowdStrike 2026 Global Threat Report. AI attacks +89% YoY; 27-second fastest breakout; 29-min avg; 42% increase in zero-days exploited pre-disclosure. crowdstrike.com

11. VulnCheck (Patrick Garrity) via The Register, Project Glasswing CVE Count Is Still Guesswork, April 15, 2026. theregister.com

12. NIST, NIST Updates NVD Operations to Address Record CVE Growth, April 15, 2026. CVE submissions +263% 2020-2025. nist.gov

13. Infosecurity Magazine, NIST Drops NVD Enrichment for Pre-March 2026 Vulnerabilities, April 15, 2026. infosecurity-magazine.com

14. Jerry Gamblin, 2025 CVE Data Review, January 1, 2026. 48,185 CVEs in 2025. jerrygamblin.com

15. VulnCheck KEV Research, The 2025 Spike in Vulnerabilities Is Not the Full Story, January 2026. 32% exploited before or within 24 hrs of disclosure. vulncheck.com

16. Internet Governance Project, AI, Project Glasswing, April 16, 2026. internetgovernance.org

17. BleepingComputer, Microsoft May 2026 Patch Tuesday Fixes 120 Flaws, No Zero-Days, May 12, 2026. bleepingcomputer.com

18. Qualys, Microsoft and Adobe Patch Tuesday May 2026 Security Update Review, May 12, 2026. 137 total Microsoft CVEs; 52 Adobe CVEs. blog.qualys.com

19. Tenable, Microsoft May 2026 Patch Tuesday Addresses 118 CVEs, May 12, 2026. tenable.com

20. Help Net Security / Ivanti (Todd Schell), May 2026 Patch Tuesday Forecast, May 8, 2026. Mozilla found 271 vulns in Firefox 150 via Mythos. helpnetsecurity.com

21. Red Hat Customer Portal, Navigating Mythos and Project Glasswing Findings, May 2026. access.redhat.com

22. CyberSecurityNews, Microsoft Patch Tuesday May 2026, May 12, 2026. cybersecuritynews.com

23. Oracle Security Blog, Accelerating Vulnerability Detection and Response at Oracle, May 2026. Monthly CSPU begins May 28. blogs.oracle.com

24. Qualys, The Broken Physics of Remediation, March 2026. 88% of critical KEVs remediated slower than exploitation; 63% open at Day 7. blog.qualys.com

25. Sysdig, Dirty Frag (CVE-2026-43284, CVE-2026-43500), May 8, 2026. sysdig.com

26. Ubuntu Security Blog, Dirty Frag Linux Vulnerability Fixes Available, May 8, 2026. ubuntu.com

27. Red Hat, RHSB-2026-003 Dirty Frag Privilege Escalation, May 2026. access.redhat.com

Brad Hibbert
Chief Operating Officer & Chief Strategy Officer
Brad Hibbert brings over 30 years of executive experience in the software industry, with a proven track record of aligning business and technical teams to drive growth and customer success.