DURING Q1 2026, exploit kits targeting user systems expanded again, adding new exploits for the Microsoft Office platform as well as Windows and Linux operating systems. Notable new entries include CVE-2026-21509 and CVE-2026-21514, which are security feature bypass vulnerabilities that can allow malicious code to run even with Protected View enabled, and CVE-2026-21513, a vulnerability in the Internet Explorer MSHTML engine that bypasses restrictions on untrusted network sources.
These three vulnerabilities were used together in a single chain during attacks on Windows-based systems, though it is expected that the chain may be deployed individually as entry vectors in phishing campaigns. On Linux, exploits frequently detected include CVE-2022-0847 (Dirty Pipe), CVE-2019-13272, CVE-2021-22555 and CVE-2023-32233, all associated with privilege escalation or processing of network requests.
The report also notes ongoing exploitation of high-profile vulnerabilities in web applications and Office products, reinforcing the need for timely patching and robust vulnerability management. Overall, the Q1 2026 data shows continued growth in vulnerability registrations and exploit-driven attacks, with a particular emphasis on Office and web-related flaws.