CVE-2026-23656
Insufficient verification of data authenticity in Windows App Installer allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-21517
Improper link resolution before file access ('link following') in Windows App for Mac allows an authorized attacker to elevate privileges locally.