Intel has published 18 new security advisories covering more than 30 vulnerabilities discovered in its products, with fixes already being distributed. The disclosure covers a broad range of Intel hardware, from consumer processors to server and embedded systems.
The highest severity problems on the list register a CVSS score of 8.7, and these both involve improper input validation, which can enable local code execution. Four advisories have an overall severity rating of high. However, the practical risk for most users remains limited by a key constraint: every vulnerability requires attackers to have physical or local access to the target system.
One high-severity advisory describes TDX vulnerabilities discovered in collaboration with Google, including a flaw that could lead to full compromise. Intel partnered with Google to conduct a security review of its Trust Domain Extensions (TDX) technology, which led to the discovery of dozens of vulnerabilities, bugs, and improvement suggestions. TDX is a hardware-based confidential computing technology designed to safeguard sensitive workloads and data in cloud and multi-tenant environments, even against a compromised hypervisor and insiders.
The other high-severity advisories describe privilege escalation issues in Server Firmware Update Utility, DoS and information disclosure flaws in Converged Security and Management Engine (CSME), and privilege escalation and DoS issues in Quick Assist Technology. Medium-severity vulnerabilities have been patched by Intel in server firmware, AI Playground software, Server System Firmware Update Utility, Memory and Storage Tool, Chipset Driver Software installers, Ethernet Adapters 800 Series Controllers, VTune Profiler, TDX, Optane Persistent Memory, Battery Life Diagnostic Tool, and other systems.
The requirement for local access materially reduces the real-world threat. Neither 8.7 severity vulnerability involves special internal knowledge and requires no user interaction, but local access to the device is needed. This means attackers cannot exploit these flaws remotely; they would require physical access to a target's computer or the ability to run code already running on the system.
For enterprise customers and individual users, mitigation is straightforward: apply the patches when they become available. The February 2026 Patch Tuesday advisories address vulnerabilities found recently in Intel and AMD products, and manufacturers are progressively releasing firmware updates. Intel recommends ensuring all security mitigations provided by Intel are applied and systems are running the latest firmware and microcode versions available.
The publication of these vulnerabilities reflects Intel's ongoing commitment to coordinated disclosure. Intel follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available. This approach balances transparency with user safety, giving manufacturers and users time to patch before details become public.