Patch tracker / KB5094139
KB5094139
Microsoft security update released 2026-06-09. Fixes 8 CVEs.
HighCISA KEV
Download KB5094139
Get the official update for KB5094139. The download and file size for each supported product are on the Microsoft Update Catalog page.
Update summary
Released
2026-06-09
CVEs fixed
8
Max CVSS
8.8
Severity
High
Exploitation and severity
Fixes 8 CVEs. At least one is actively exploited (CISA KEV). Most severe CVSS 8.8 (High). EPSS exploit probability up to 5.6%.
Among the top half of tracked Microsoft updates by EPSS exploit probability.
What to do
Treat as urgent: it is being exploited in the wild (CISA KEV), so patch ahead of items that are not. Senserva flags whether KB5094139 is missing on your devices.
CVEs fixed by this update
Affected products
- Microsoft Exchange Server 2019 Cumulative Update 14
- Microsoft Exchange Server 2019 Cumulative Update 15
- Microsoft Exchange Server Subscription Edition RTM
See this and every Microsoft update ranked by real-world risk on the Microsoft Patch Tracker.