Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2363 vulnerabilities found for office by microsoft

    CERTFR-2026-AVI-0868

    Vulnerability from certfr_avis - Published: 2026-07-15 - Updated: 2026-07-15

    De multiples vulnérabilités ont été découvertes dans Microsoft Office. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Microsoft Office Microsoft Office LTSC 2021 pour éditions 64 bits
    Microsoft Office Microsoft Office LTSC pour Mac 2024 versions antérieures à 16.111.26071215
    Microsoft Office Microsoft Word 2016 (édition 32 bits) versions antérieures à 16.0.5561.1000
    Microsoft Office Microsoft Office LTSC 2021 pour éditions 32 bits
    Microsoft Office Microsoft Office 365 pour Mac versions antérieures à 16.111.26071215
    Microsoft Office Microsoft Office pour Android versions antérieures à 16.0.20228.20042
    Microsoft Office Microsoft Office LTSC pour Mac 2021 versions antérieures à 16.111.26071215
    Microsoft Office Microsoft Office 2019 pour éditions 32 bits
    Microsoft Office Microsoft 365 Apps pour Enterprise pour systèmes 64 bits
    Microsoft Office Microsoft Office 2016 (édition 64 bits) versions antérieures à 16.0.5561.1000
    Microsoft Office Microsoft PowerPoint 2016 (édition 64 bits) versions antérieures à 16.0.5561.1000
    Microsoft Office Microsoft Office 2019 pour éditions 64 bits
    Microsoft Office Microsoft Office 2016 (édition 32 bits) versions antérieures à 16.0.5561.1000
    Microsoft Office Microsoft Word 2016 (édition 64 bits) versions antérieures à 16.0.5561.1000
    Microsoft Office Microsoft Office 2016 (édition 64 bits) versions antérieures à 16.0.5561.1001
    Microsoft Office Microsoft Office LTSC 2024 pour éditions 64 bits
    Microsoft Office Microsoft 365 Copilot pour Android
    Microsoft Office Microsoft Office 2016 (édition 32 bits) versions antérieures à 16.0.5561.1001
    Microsoft Office Microsoft 365 Copilot pour iOS
    Microsoft Office Microsoft 365 Copilot pour iOS versions antérieures à 2.111.4
    Microsoft Office Office Online Server versions antérieures à 16.0.10417.20175
    Microsoft Office Microsoft Excel 2016 (édition 32 bits) versions antérieures à 16.0.5561.1001
    Microsoft Office Microsoft Excel 2016 (édition 64 bits) versions antérieures à 16.0.5561.1001
    Microsoft Office Microsoft Office LTSC 2024 pour éditions 32 bits
    Microsoft Office Microsoft PowerPoint 2016 (édition 32 bits) versions antérieures à 16.0.5561.1000
    Microsoft Office Microsoft 365 Apps pour Enterprise pour systèmes 32 bits
    References
    Bulletin de sécurité Microsoft Office CVE-2026-55043 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55029 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-56193 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-50675 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-47290 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55949 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55133 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55048 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-48580 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55054 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55027 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55025 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55947 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55017 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55024 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55037 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55041 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-50665 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55057 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-48561 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55045 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55032 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55948 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55038 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55047 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55022 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55039 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-50678 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-54131 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-50387 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-56192 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55899 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55023 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55139 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55131 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55058 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55053 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55130 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-50467 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55033 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-54988 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-50314 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-58618 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55035 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55125 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55132 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55028 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-56156 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55141 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-47642 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55122 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55140 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55121 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55127 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55128 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-50408 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55134 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55136 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55050 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55123 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-58617 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55138 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-50301 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55124 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-56195 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55049 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55042 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55120 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55036 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55056 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55044 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55046 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55129 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55026 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55031 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55142 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55137 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55055 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55898 2026-07-14 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-55018 2026-07-14 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Office LTSC pour Mac 2024 versions ant\u00e9rieures \u00e0 16.111.26071215",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Word 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5561.1000",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Office 365 pour Mac versions ant\u00e9rieures \u00e0 16.111.26071215",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Office pour Android versions ant\u00e9rieures \u00e0 16.0.20228.20042",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Office LTSC pour Mac 2021 versions ant\u00e9rieures \u00e0 16.111.26071215",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 64 bits",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Office 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5561.1000",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft PowerPoint 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5561.1000",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Office 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5561.1000",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Word 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5561.1000",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Office 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5561.1001",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Office LTSC 2024 pour \u00e9ditions 64 bits",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft 365 Copilot pour Android",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Office 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5561.1001",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft 365 Copilot pour iOS",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft 365 Copilot pour iOS versions ant\u00e9rieures \u00e0 2.111.4",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Office Online Server versions ant\u00e9rieures \u00e0 16.0.10417.20175",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Excel 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5561.1001",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Excel 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5561.1001",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Office LTSC 2024 pour \u00e9ditions 32 bits",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft PowerPoint 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5561.1000",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-47642",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-47642"
        },
        {
          "name": "CVE-2026-55134",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55134"
        },
        {
          "name": "CVE-2026-50675",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-50675"
        },
        {
          "name": "CVE-2026-55037",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55037"
        },
        {
          "name": "CVE-2026-55130",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55130"
        },
        {
          "name": "CVE-2026-55142",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55142"
        },
        {
          "name": "CVE-2026-56156",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-56156"
        },
        {
          "name": "CVE-2026-55033",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55033"
        },
        {
          "name": "CVE-2026-55026",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55026"
        },
        {
          "name": "CVE-2026-55038",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55038"
        },
        {
          "name": "CVE-2026-48580",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-48580"
        },
        {
          "name": "CVE-2026-55057",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55057"
        },
        {
          "name": "CVE-2026-55123",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55123"
        },
        {
          "name": "CVE-2026-55141",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55141"
        },
        {
          "name": "CVE-2026-54988",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-54988"
        },
        {
          "name": "CVE-2026-58617",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-58617"
        },
        {
          "name": "CVE-2026-55055",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55055"
        },
        {
          "name": "CVE-2026-55028",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55028"
        },
        {
          "name": "CVE-2026-55045",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55045"
        },
        {
          "name": "CVE-2026-55042",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55042"
        },
        {
          "name": "CVE-2026-55136",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55136"
        },
        {
          "name": "CVE-2026-55035",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55035"
        },
        {
          "name": "CVE-2026-55024",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55024"
        },
        {
          "name": "CVE-2026-55039",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55039"
        },
        {
          "name": "CVE-2026-55036",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55036"
        },
        {
          "name": "CVE-2026-50314",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-50314"
        },
        {
          "name": "CVE-2026-55049",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55049"
        },
        {
          "name": "CVE-2026-50665",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-50665"
        },
        {
          "name": "CVE-2026-47290",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-47290"
        },
        {
          "name": "CVE-2026-55044",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55044"
        },
        {
          "name": "CVE-2026-55018",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55018"
        },
        {
          "name": "CVE-2026-50408",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-50408"
        },
        {
          "name": "CVE-2026-55140",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55140"
        },
        {
          "name": "CVE-2026-55899",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55899"
        },
        {
          "name": "CVE-2026-55046",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55046"
        },
        {
          "name": "CVE-2026-50467",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-50467"
        },
        {
          "name": "CVE-2026-55047",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55047"
        },
        {
          "name": "CVE-2026-55128",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55128"
        },
        {
          "name": "CVE-2026-55031",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55031"
        },
        {
          "name": "CVE-2026-55029",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55029"
        },
        {
          "name": "CVE-2026-55048",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55048"
        },
        {
          "name": "CVE-2026-55139",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55139"
        },
        {
          "name": "CVE-2026-55053",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55053"
        },
        {
          "name": "CVE-2026-55027",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55027"
        },
        {
          "name": "CVE-2026-55032",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55032"
        },
        {
          "name": "CVE-2026-55133",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55133"
        },
        {
          "name": "CVE-2026-55022",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55022"
        },
        {
          "name": "CVE-2026-58618",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-58618"
        },
        {
          "name": "CVE-2026-55043",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55043"
        },
        {
          "name": "CVE-2026-55041",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55041"
        },
        {
          "name": "CVE-2026-55050",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55050"
        },
        {
          "name": "CVE-2026-55137",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55137"
        },
        {
          "name": "CVE-2026-55124",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55124"
        },
        {
          "name": "CVE-2026-54131",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-54131"
        },
        {
          "name": "CVE-2026-50678",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-50678"
        },
        {
          "name": "CVE-2026-55054",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55054"
        },
        {
          "name": "CVE-2026-48561",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-48561"
        },
        {
          "name": "CVE-2026-55947",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55947"
        },
        {
          "name": "CVE-2026-55127",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55127"
        },
        {
          "name": "CVE-2026-55017",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55017"
        },
        {
          "name": "CVE-2026-55121",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55121"
        },
        {
          "name": "CVE-2026-56192",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-56192"
        },
        {
          "name": "CVE-2026-50301",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-50301"
        },
        {
          "name": "CVE-2026-55948",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55948"
        },
        {
          "name": "CVE-2026-55132",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55132"
        },
        {
          "name": "CVE-2026-55125",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55125"
        },
        {
          "name": "CVE-2026-56193",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-56193"
        },
        {
          "name": "CVE-2026-55120",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55120"
        },
        {
          "name": "CVE-2026-55023",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55023"
        },
        {
          "name": "CVE-2026-56195",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-56195"
        },
        {
          "name": "CVE-2026-55131",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55131"
        },
        {
          "name": "CVE-2026-55025",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55025"
        },
        {
          "name": "CVE-2026-55056",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55056"
        },
        {
          "name": "CVE-2026-50387",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-50387"
        },
        {
          "name": "CVE-2026-55949",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55949"
        },
        {
          "name": "CVE-2026-55122",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55122"
        },
        {
          "name": "CVE-2026-55898",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55898"
        },
        {
          "name": "CVE-2026-55129",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55129"
        },
        {
          "name": "CVE-2026-55058",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55058"
        },
        {
          "name": "CVE-2026-55138",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55138"
        }
      ],
      "initial_release_date": "2026-07-15T00:00:00",
      "last_revision_date": "2026-07-15T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0868",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-07-15T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Office. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
      "vendor_advisories": [
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55043",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55043"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55029",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55029"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-56193",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56193"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-50675",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50675"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-47290",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47290"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55949",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55949"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55133",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55133"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55048",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55048"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-48580",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48580"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55054",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55054"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55027",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55027"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55025",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55025"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55947",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55947"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55017",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55017"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55024",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55024"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55037",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55037"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55041",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55041"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-50665",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50665"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55057",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55057"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-48561",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48561"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55045",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55045"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55032",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55032"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55948",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55948"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55038",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55038"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55047",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55047"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55022",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55022"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55039",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55039"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-50678",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50678"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-54131",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54131"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-50387",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50387"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-56192",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56192"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55899",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55899"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55023",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55023"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55139",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55139"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55131",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55131"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55058",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55058"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55053",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55053"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55130",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55130"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-50467",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50467"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55033",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55033"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-54988",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54988"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-50314",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50314"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-58618",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58618"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55035",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55035"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55125",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55125"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55132",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55132"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55028",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55028"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-56156",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56156"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55141",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55141"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-47642",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47642"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55122",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55122"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55140",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55140"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55121",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55121"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55127",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55127"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55128",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55128"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-50408",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50408"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55134",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55134"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55136",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55136"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55050",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55050"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55123",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55123"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-58617",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58617"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55138",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55138"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-50301",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50301"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55124",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55124"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-56195",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56195"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55049",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55049"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55042",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55042"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55120",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55120"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55036",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55036"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55056",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55056"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55044",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55044"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55046",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55046"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55129",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55129"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55026",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55026"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55031",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55031"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55142",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55142"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55137",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55137"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55055",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55055"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55898",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55898"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-55018",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55018"
        }
      ]
    }

    CERTFR-2026-AVI-0727

    Vulnerability from certfr_avis - Published: 2026-06-10 - Updated: 2026-06-10

    De multiples vulnérabilités ont été découvertes dans Microsoft Office. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Microsoft Office Microsoft Office pour Android
    Microsoft Office Microsoft Word 2016 (édition 32 bits) versions antérieures à 16.0.5556.1000
    Microsoft Office Microsoft Office LTSC 2021 pour éditions 64 bits
    Microsoft Office Microsoft Excel 2016 (édition 32 bits) versions antérieures à 16.0.5556.1001
    Microsoft Office Microsoft Office 2016 (édition 64 bits) versions antérieures à 16.0.5556.1001
    Microsoft Office Microsoft Office 365 pour Mac
    Microsoft Office Microsoft Office LTSC 2021 pour éditions 32 bits
    Microsoft Office Microsoft Office 2019 pour éditions 32 bits
    Microsoft Office Microsoft Word pour Android
    Microsoft Office Microsoft 365 Apps pour Enterprise pour systèmes 64 bits
    Microsoft Office Microsoft Office LTSC pour Mac 2024
    Microsoft Office Microsoft Excel pour Android
    Microsoft Office Microsoft Office 2019 pour éditions 64 bits
    Microsoft Office Microsoft Office LTSC pour Mac 2021
    Microsoft Office Microsoft PowerPoint pour Android
    Microsoft Office Microsoft Word 2016 (édition 64 bits) versions antérieures à 16.0.5556.1000
    Microsoft Office Microsoft Office LTSC 2024 pour éditions 64 bits
    Microsoft Office Microsoft Office 2016 (édition 32 bits) versions antérieures à 16.0.5556.1001
    Microsoft Office Office Online Server versions antérieures à 16.0.10417.20137
    Microsoft Office Microsoft Office 2016 (édition 64 bits) versions antérieures à 16.0.5556.1005
    Microsoft Office Microsoft Excel 2016 (édition 64 bits) versions antérieures à 16.0.5556.1001
    Microsoft Office Microsoft Office LTSC 2024 pour éditions 32 bits
    Microsoft Office Microsoft 365 Apps pour Enterprise pour systèmes 32 bits
    Microsoft Office Microsoft Office 2016 (édition 32 bits) versions antérieures à 16.0.5556.1005
    References
    Bulletin de sécurité Microsoft Office CVE-2026-45471 2026-06-09 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-45643 2026-06-09 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-44817 2026-06-09 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-44824 2026-06-09 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-45461 2026-06-09 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-44821 2026-06-09 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-45469 2026-06-09 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-45485 2026-06-09 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-45460 2026-06-09 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-45475 2026-06-09 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-45645 2026-06-09 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-45463 2026-06-09 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-44820 2026-06-09 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-44819 2026-06-09 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-45456 2026-06-09 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-47293 2026-06-09 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-45472 2026-06-09 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-45457 2026-06-09 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-45455 2026-06-09 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-47635 2026-06-09 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-45649 2026-06-09 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-44812 2026-06-09 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-45459 2026-06-09 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-45486 2026-06-09 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-45474 2026-06-09 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-44818 2026-06-09 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-44803 2026-06-09 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-44822 2026-06-09 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-45458 2026-06-09 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-45466 2026-06-09 vendor-advisory
    Bulletin de sécurité Microsoft Office CVE-2026-44823 2026-06-09 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Microsoft Office pour Android",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Word 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5556.1000",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Excel 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5556.1001",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Office 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5556.1001",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Office 365 pour Mac",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Word pour Android",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 64 bits",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Office LTSC pour Mac 2024",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Excel pour Android",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Office LTSC pour Mac 2021",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft PowerPoint pour Android",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Word 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5556.1000",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Office LTSC 2024 pour \u00e9ditions 64 bits",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Office 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5556.1001",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Office Online Server versions ant\u00e9rieures \u00e0 16.0.10417.20137",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Office 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5556.1005",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Excel 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5556.1001",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Office LTSC 2024 pour \u00e9ditions 32 bits",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        },
        {
          "description": "Microsoft Office 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5556.1005",
          "product": {
            "name": "Office",
            "vendor": {
              "name": "Microsoft",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-45457",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45457"
        },
        {
          "name": "CVE-2026-44803",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44803"
        },
        {
          "name": "CVE-2026-45472",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45472"
        },
        {
          "name": "CVE-2026-45463",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45463"
        },
        {
          "name": "CVE-2026-45645",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45645"
        },
        {
          "name": "CVE-2026-45649",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45649"
        },
        {
          "name": "CVE-2026-44812",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44812"
        },
        {
          "name": "CVE-2026-44822",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44822"
        },
        {
          "name": "CVE-2026-44817",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44817"
        },
        {
          "name": "CVE-2026-45474",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45474"
        },
        {
          "name": "CVE-2026-45643",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45643"
        },
        {
          "name": "CVE-2026-45461",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45461"
        },
        {
          "name": "CVE-2026-44823",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44823"
        },
        {
          "name": "CVE-2026-44820",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44820"
        },
        {
          "name": "CVE-2026-45458",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45458"
        },
        {
          "name": "CVE-2026-44819",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44819"
        },
        {
          "name": "CVE-2026-44821",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44821"
        },
        {
          "name": "CVE-2026-45455",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45455"
        },
        {
          "name": "CVE-2026-45469",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45469"
        },
        {
          "name": "CVE-2026-45485",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45485"
        },
        {
          "name": "CVE-2026-47635",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-47635"
        },
        {
          "name": "CVE-2026-45466",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45466"
        },
        {
          "name": "CVE-2026-45456",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45456"
        },
        {
          "name": "CVE-2026-45486",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45486"
        },
        {
          "name": "CVE-2026-45471",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45471"
        },
        {
          "name": "CVE-2026-45459",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45459"
        },
        {
          "name": "CVE-2026-47293",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-47293"
        },
        {
          "name": "CVE-2026-44824",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44824"
        },
        {
          "name": "CVE-2026-44818",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44818"
        },
        {
          "name": "CVE-2026-45460",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45460"
        },
        {
          "name": "CVE-2026-45475",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45475"
        }
      ],
      "initial_release_date": "2026-06-10T00:00:00",
      "last_revision_date": "2026-06-10T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0727",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-06-10T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Office. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
      "vendor_advisories": [
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-45471",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45471"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-45643",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45643"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-44817",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44817"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-44824",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44824"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-45461",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45461"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-44821",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44821"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-45469",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45469"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-45485",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45485"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-45460",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45460"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-45475",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45475"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-45645",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45645"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-45463",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45463"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-44820",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44820"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-44819",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44819"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-45456",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45456"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-47293",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47293"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-45472",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45472"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-45457",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45457"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-45455",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45455"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-47635",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47635"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-45649",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45649"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-44812",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44812"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-45459",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45459"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-45486",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45486"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-45474",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45474"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-44818",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44818"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-44803",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44803"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-44822",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44822"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-45458",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45458"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-45466",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45466"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-44823",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44823"
        }
      ]
    }

    CVE-2026-55121 (GCVE-0-2026-55121)

    Vulnerability from nvd – Published: 2026-07-14 17:10 – Updated: 2026-07-17 21:34
    VLAI
    Title
    Microsoft Office Information Disclosure Vulnerability
    Summary
    Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2016 Affected: 16.0.0 , < 16.0.5561.1000 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Enterprise Server 2016 Affected: 16.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server 2019 Affected: 16.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server Subscription Edition Affected: 16.0.0 , < 16.0.19725.20434 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55121",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T17:46:06.794813Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T17:46:13.578Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1000",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server Subscription Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20434",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                      "versionEndExcluding": "16.0.19725.20434",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1000",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:34:16.128Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Office Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55121"
            }
          ],
          "title": "Microsoft Office Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55121",
        "datePublished": "2026-07-14T17:10:17.586Z",
        "dateReserved": "2026-06-16T15:03:49.680Z",
        "dateUpdated": "2026-07-17T21:34:16.128Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55120 (GCVE-0-2026-55120)

    Vulnerability from nvd – Published: 2026-07-14 17:09 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft PowerPoint Remote Code Execution Vulnerability
    Summary
    Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft PowerPoint 2016 Affected: 16.0.0 , < 16.0.5561.1000 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55120",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T03:57:25.886Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft PowerPoint 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1000",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powerpoint_2016:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.5561.1000",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:59.328Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft PowerPoint Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55120"
            }
          ],
          "title": "Microsoft PowerPoint Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55120",
        "datePublished": "2026-07-14T17:09:06.338Z",
        "dateReserved": "2026-06-16T15:03:49.680Z",
        "dateUpdated": "2026-07-17T21:32:59.328Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55054 (GCVE-0-2026-55054)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Excel Information Disclosure Vulnerability
    Summary
    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55054",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T18:09:32.805040Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T18:09:46.209Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:46.145Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55054"
            }
          ],
          "title": "Microsoft Excel Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55054",
        "datePublished": "2026-07-14T17:08:52.994Z",
        "dateReserved": "2026-06-16T14:13:49.836Z",
        "dateUpdated": "2026-07-17T21:32:46.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47293 (GCVE-0-2026-47293)

    Vulnerability from nvd – Published: 2026-06-09 17:05 – Updated: 2026-07-15 20:10
    VLAI
    Title
    Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
    Summary
    Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Date Public
    2026-06-09 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-47293",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T03:56:39.788489Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T10:16:14.056Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-09T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416: Use After Free",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T20:10:05.249Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Office Click-To-Run Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47293"
            }
          ],
          "title": "Microsoft Office Click-To-Run Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-47293",
        "datePublished": "2026-06-09T17:05:47.133Z",
        "dateReserved": "2026-05-18T23:53:33.897Z",
        "dateUpdated": "2026-07-15T20:10:05.249Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42832 (GCVE-0-2026-42832)

    Vulnerability from nvd – Published: 2026-05-12 16:59 – Updated: 2026-06-19 16:13
    VLAI
    Title
    Microsoft Office Spoofing Vulnerability
    Summary
    Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Excel for Android Affected: 16.0.0.0 , < 16.0.19822.20190 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.109.26051019 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.109.26051019 (custom)
    Create a notification for this product.
    Microsoft Microsoft Word for Android Affected: 16.0.0.0 , < 16.0.19822.20190 (custom)
    Create a notification for this product.
    Date Public
    2026-05-12 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42832",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T18:54:19.688774Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T18:54:35.971Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Excel for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19822.20190",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.109.26051019",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.109.26051019",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Word for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19822.20190",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:word:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "16.0.19822.20190",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "16.0.19822.20190",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.109.26051019",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.109.26051019",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-05-12T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:13:04.529Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Office Spoofing Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42832"
            }
          ],
          "title": "Microsoft Office Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-42832",
        "datePublished": "2026-05-12T16:59:34.810Z",
        "dateReserved": "2026-04-30T14:51:12.703Z",
        "dateUpdated": "2026-06-19T16:13:04.529Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42831 (GCVE-0-2026-42831)

    Vulnerability from nvd – Published: 2026-05-12 16:59 – Updated: 2026-06-19 16:12
    VLAI
    Title
    Microsoft Office Remote Code Execution Vulnerability
    Summary
    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Office for Android Affected: 16.0.1 , < 16.0.19822.20190 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.109.26051019 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.109.26051019 (custom)
    Create a notification for this product.
    Date Public
    2026-05-12 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42831",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T03:56:52.720107Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T10:07:43.828Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Office for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19822.20190",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.109.26051019",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.109.26051019",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.109.26051019",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office:*:*:android:*:*:*:*:*",
                      "versionEndExcluding": "16.0.19822.20190",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.109.26051019",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-05-12T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:12:34.801Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Office Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42831"
            }
          ],
          "title": "Microsoft Office Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-42831",
        "datePublished": "2026-05-12T16:59:01.000Z",
        "dateReserved": "2026-04-30T14:51:12.703Z",
        "dateUpdated": "2026-06-19T16:12:34.801Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40421 (GCVE-0-2026-40421)

    Vulnerability from nvd – Published: 2026-05-12 16:58 – Updated: 2026-06-19 16:12
    VLAI
    Title
    Microsoft Word Information Disclosure Vulnerability
    Summary
    Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Word 2016 Affected: 16.0.1 , < 16.0.5552.1000 (custom)
    Create a notification for this product.
    Date Public
    2026-05-12 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40421",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T19:25:18.344080Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T19:32:43.499Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Word 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5552.1000",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:word_2016:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.5552.1000",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-05-12T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:12:25.644Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Word Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40421"
            }
          ],
          "title": "Microsoft Word Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-40421",
        "datePublished": "2026-05-12T16:58:48.710Z",
        "dateReserved": "2026-04-13T00:27:50.799Z",
        "dateUpdated": "2026-06-19T16:12:25.644Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40420 (GCVE-0-2026-40420)

    Vulnerability from nvd – Published: 2026-05-12 16:59 – Updated: 2026-06-19 16:13
    VLAI
    Title
    Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
    Summary
    Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Date Public
    2026-05-12 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40420",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-07T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T03:56:54.169Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-05-12T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:13:00.179Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Office Click-To-Run Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40420"
            }
          ],
          "title": "Microsoft Office Click-To-Run Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-40420",
        "datePublished": "2026-05-12T16:59:29.493Z",
        "dateReserved": "2026-04-13T00:27:50.799Z",
        "dateUpdated": "2026-06-19T16:13:00.179Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40419 (GCVE-0-2026-40419)

    Vulnerability from nvd – Published: 2026-05-12 16:58 – Updated: 2026-06-19 16:12
    VLAI
    Title
    Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
    Summary
    Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Date Public
    2026-05-12 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40419",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T03:56:47.386295Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T10:10:43.506Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-05-12T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416: Use After Free",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:12:25.034Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Office Click-To-Run Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40419"
            }
          ],
          "title": "Microsoft Office Click-To-Run Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-40419",
        "datePublished": "2026-05-12T16:58:48.082Z",
        "dateReserved": "2026-04-13T00:27:50.799Z",
        "dateUpdated": "2026-06-19T16:12:25.034Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40418 (GCVE-0-2026-40418)

    Vulnerability from nvd – Published: 2026-05-12 16:59 – Updated: 2026-06-19 16:12
    VLAI
    Title
    Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
    Summary
    Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Date Public
    2026-05-12 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40418",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T03:56:58.220346Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T10:02:24.988Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-05-12T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416: Use After Free",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:12:59.110Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Office Click-To-Run Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40418"
            }
          ],
          "title": "Microsoft Office Click-To-Run Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-40418",
        "datePublished": "2026-05-12T16:59:27.930Z",
        "dateReserved": "2026-04-13T00:27:50.799Z",
        "dateUpdated": "2026-06-19T16:12:59.110Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40367 (GCVE-0-2026-40367)

    Vulnerability from nvd – Published: 2026-05-12 16:59 – Updated: 2026-06-19 16:12
    VLAI
    Title
    Microsoft Word Remote Code Execution Vulnerability
    Summary
    Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-822 - Untrusted Pointer Dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.109.26051019 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.109.26051019 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Enterprise Server 2016 Affected: 16.0.0 , < 16.0.5552.1002 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server 2019 Affected: 16.0.0 , < 16.0.10417.20128 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server Subscription Edition Affected: 16.0.0 , < 16.0.19725.20280 (custom)
    Create a notification for this product.
    Microsoft Microsoft Word 2016 Affected: 16.0.1 , < 16.0.5552.1000 (custom)
    Create a notification for this product.
    Date Public
    2026-05-12 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40367",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-07T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T03:57:29.865Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.109.26051019",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.109.26051019",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5552.1002",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20128",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server Subscription Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20280",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Word 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5552.1000",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5552.1002",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20128",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.109.26051019",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                      "versionEndExcluding": "16.0.19725.20280",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.109.26051019",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:word_2016:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.5552.1000",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-05-12T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Access of resource using incompatible type (\u0027type confusion\u0027) in Microsoft Office Word allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-822",
                  "description": "CWE-822: Untrusted Pointer Dereference",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:12:52.663Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Word Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40367"
            }
          ],
          "title": "Microsoft Word Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-40367",
        "datePublished": "2026-05-12T16:59:20.388Z",
        "dateReserved": "2026-04-11T23:06:15.614Z",
        "dateUpdated": "2026-06-19T16:12:52.663Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40366 (GCVE-0-2026-40366)

    Vulnerability from nvd – Published: 2026-05-12 16:58 – Updated: 2026-06-19 16:12
    VLAI
    Title
    Microsoft Word Remote Code Execution Vulnerability
    Summary
    Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.109.26051019 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.109.26051019 (custom)
    Create a notification for this product.
    Microsoft Microsoft Word 2016 Affected: 16.0.1 , < 16.0.5552.1000 (custom)
    Create a notification for this product.
    Date Public
    2026-05-12 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40366",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T03:57:28.439839Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T10:12:47.107Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.109.26051019",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.109.26051019",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Word 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5552.1000",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.109.26051019",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.109.26051019",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:word_2016:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.5552.1000",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-05-12T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Access of resource using incompatible type (\u0027type confusion\u0027) in Microsoft Office Word allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416: Use After Free",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:12:17.563Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Word Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40366"
            }
          ],
          "title": "Microsoft Word Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-40366",
        "datePublished": "2026-05-12T16:58:38.928Z",
        "dateReserved": "2026-04-11T23:06:15.614Z",
        "dateUpdated": "2026-06-19T16:12:17.563Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40364 (GCVE-0-2026-40364)

    Vulnerability from nvd – Published: 2026-05-12 16:58 – Updated: 2026-06-19 16:12
    VLAI
    Title
    Microsoft Word Remote Code Execution Vulnerability
    Summary
    Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
    • CWE-908 - Use of Uninitialized Resource
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.109.26051019 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.109.26051019 (custom)
    Create a notification for this product.
    Microsoft Microsoft Word 2016 Affected: 16.0.1 , < 16.0.5552.1000 (custom)
    Create a notification for this product.
    Date Public
    2026-05-12 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40364",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T03:57:31.681520Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T10:13:03.217Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.109.26051019",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.109.26051019",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Word 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5552.1000",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.109.26051019",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.109.26051019",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:word_2016:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.5552.1000",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-05-12T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Access of resource using incompatible type (\u0027type confusion\u0027) in Microsoft Office Word allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-843",
                  "description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-908",
                  "description": "CWE-908: Use of Uninitialized Resource",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:12:17.097Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Word Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40364"
            }
          ],
          "title": "Microsoft Word Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-40364",
        "datePublished": "2026-05-12T16:58:38.335Z",
        "dateReserved": "2026-04-11T23:06:15.614Z",
        "dateUpdated": "2026-06-19T16:12:17.097Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40363 (GCVE-0-2026-40363)

    Vulnerability from nvd – Published: 2026-05-12 16:58 – Updated: 2026-06-19 16:12
    VLAI
    Title
    Microsoft Office Remote Code Execution Vulnerability
    Summary
    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2016 Affected: 16.0.0 , < 16.0.5552.1000 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office for Android Affected: 16.0.1 , < 16.0.19822.20190 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.109.26051019 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.109.26051019 (custom)
    Create a notification for this product.
    Date Public
    2026-05-12 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40363",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T03:56:45.249171Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T10:13:18.673Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5552.1000",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19822.20190",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.109.26051019",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.109.26051019",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.109.26051019",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.109.26051019",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5552.1000",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office:*:*:android:*:*:*:*:*",
                      "versionEndExcluding": "16.0.19822.20190",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-05-12T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:12:16.566Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Office Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40363"
            }
          ],
          "title": "Microsoft Office Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-40363",
        "datePublished": "2026-05-12T16:58:37.547Z",
        "dateReserved": "2026-04-11T23:06:15.614Z",
        "dateUpdated": "2026-06-19T16:12:16.566Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40362 (GCVE-0-2026-40362)

    Vulnerability from nvd – Published: 2026-05-12 16:59 – Updated: 2026-06-19 16:12
    VLAI
    Title
    Microsoft Excel Remote Code Execution Vulnerability
    Summary
    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5552.1000 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.109.26051019 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.109.26051019 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20128 (custom)
    Create a notification for this product.
    Date Public
    2026-05-12 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40362",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T03:57:05.308403Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T10:04:25.935Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5552.1000",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.109.26051019",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.109.26051019",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20128",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20128",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.109.26051019",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.109.26051019",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5552.1000",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-05-12T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:12:51.494Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40362"
            }
          ],
          "title": "Microsoft Excel Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-40362",
        "datePublished": "2026-05-12T16:59:19.192Z",
        "dateReserved": "2026-04-11T23:06:15.614Z",
        "dateUpdated": "2026-06-19T16:12:51.494Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40361 (GCVE-0-2026-40361)

    Vulnerability from nvd – Published: 2026-05-12 16:59 – Updated: 2026-06-19 16:12
    VLAI
    Title
    Microsoft Outlook and Word Remote Code Execution Vulnerability
    Summary
    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.109.26051019 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.109.26051019 (custom)
    Create a notification for this product.
    Microsoft Microsoft Word 2016 Affected: 16.0.1 , < 16.0.5552.1000 (custom)
    Create a notification for this product.
    Date Public
    2026-05-12 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40361",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-07T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T03:57:28.776Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.109.26051019",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.109.26051019",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Word 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5552.1000",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.109.26051019",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.109.26051019",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:word_2016:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.5552.1000",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-05-12T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Use after free in Microsoft Office allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416: Use After Free",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:12:50.956Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Outlook and Word Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40361"
            }
          ],
          "title": "Microsoft Outlook and Word Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-40361",
        "datePublished": "2026-05-12T16:59:18.607Z",
        "dateReserved": "2026-04-11T23:06:15.614Z",
        "dateUpdated": "2026-06-19T16:12:50.956Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40360 (GCVE-0-2026-40360)

    Vulnerability from nvd – Published: 2026-05-12 16:58 – Updated: 2026-06-19 16:12
    VLAI
    Title
    Microsoft Excel Information Disclosure Vulnerability
    Summary
    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5552.1000 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.109.26051019 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.109.26051019 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20128 (custom)
    Create a notification for this product.
    Date Public
    2026-05-12 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40360",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T13:03:00.682070Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T13:03:13.240Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5552.1000",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.109.26051019",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.109.26051019",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20128",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20128",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.109.26051019",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.109.26051019",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5552.1000",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-05-12T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:12:16.021Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40360"
            }
          ],
          "title": "Microsoft Excel Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-40360",
        "datePublished": "2026-05-12T16:58:36.923Z",
        "dateReserved": "2026-04-11T23:06:15.614Z",
        "dateUpdated": "2026-06-19T16:12:16.021Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40359 (GCVE-0-2026-40359)

    Vulnerability from nvd – Published: 2026-05-12 16:59 – Updated: 2026-06-19 16:12
    VLAI
    Title
    Microsoft Excel Remote Code Execution Vulnerability
    Summary
    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5552.1000 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.109.26051019 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.109.26051019 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20128 (custom)
    Create a notification for this product.
    Date Public
    2026-05-12 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40359",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-07T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T03:56:59.622Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5552.1000",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.109.26051019",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.109.26051019",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20128",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20128",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.109.26051019",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.109.26051019",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5552.1000",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-05-12T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416: Use After Free",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:12:50.490Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40359"
            }
          ],
          "title": "Microsoft Excel Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-40359",
        "datePublished": "2026-05-12T16:59:17.927Z",
        "dateReserved": "2026-04-11T23:06:15.614Z",
        "dateUpdated": "2026-06-19T16:12:50.490Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40358 (GCVE-0-2026-40358)

    Vulnerability from nvd – Published: 2026-05-12 16:59 – Updated: 2026-06-19 16:12
    VLAI
    Title
    Microsoft Office Remote Code Execution Vulnerability
    Summary
    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2016 Affected: 16.0.0 , < 16.0.5552.1000 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.109.26051019 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.109.26051019 (custom)
    Create a notification for this product.
    Date Public
    2026-05-12 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40358",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T03:56:50.574622Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T10:04:40.891Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5552.1000",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.109.26051019",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.109.26051019",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.109.26051019",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.109.26051019",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5552.1000",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-05-12T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416: Use After Free",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:12:49.870Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Office Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40358"
            }
          ],
          "title": "Microsoft Office Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-40358",
        "datePublished": "2026-05-12T16:59:17.162Z",
        "dateReserved": "2026-04-11T23:06:15.614Z",
        "dateUpdated": "2026-06-19T16:12:49.870Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35440 (GCVE-0-2026-35440)

    Vulnerability from nvd – Published: 2026-05-12 16:58 – Updated: 2026-06-19 16:12
    VLAI
    Title
    Microsoft Word Information Disclosure Vulnerability
    Summary
    Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-552 - Files or Directories Accessible to External Parties
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Word 2016 Affected: 16.0.1 , < 16.0.5552.1000 (custom)
    Create a notification for this product.
    Date Public
    2026-05-12 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35440",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T10:15:39.136494Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T10:27:41.539Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Word 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5552.1000",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:word_2016:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.5552.1000",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-05-12T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-552",
                  "description": "CWE-552: Files or Directories Accessible to External Parties",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:12:15.479Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Word Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35440"
            }
          ],
          "title": "Microsoft Word Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-35440",
        "datePublished": "2026-05-12T16:58:36.387Z",
        "dateReserved": "2026-04-02T19:21:11.805Z",
        "dateUpdated": "2026-06-19T16:12:15.479Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35436 (GCVE-0-2026-35436)

    Vulnerability from nvd – Published: 2026-05-12 16:59 – Updated: 2026-06-19 16:12
    VLAI
    Title
    Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
    Summary
    Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1220 - Insufficient Granularity of Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Date Public
    2026-05-12 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35436",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-07T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T03:56:56.362Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-05-12T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1220",
                  "description": "CWE-1220: Insufficient Granularity of Access Control",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:12:59.674Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Office Click-To-Run Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35436"
            }
          ],
          "title": "Microsoft Office Click-To-Run Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-35436",
        "datePublished": "2026-05-12T16:59:28.571Z",
        "dateReserved": "2026-04-02T19:21:11.805Z",
        "dateUpdated": "2026-06-19T16:12:59.674Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55121 (GCVE-0-2026-55121)

    Vulnerability from cvelistv5 – Published: 2026-07-14 17:10 – Updated: 2026-07-17 21:34
    VLAI
    Title
    Microsoft Office Information Disclosure Vulnerability
    Summary
    Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2016 Affected: 16.0.0 , < 16.0.5561.1000 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Enterprise Server 2016 Affected: 16.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server 2019 Affected: 16.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server Subscription Edition Affected: 16.0.0 , < 16.0.19725.20434 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55121",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T17:46:06.794813Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T17:46:13.578Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1000",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server Subscription Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20434",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                      "versionEndExcluding": "16.0.19725.20434",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1000",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:34:16.128Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Office Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55121"
            }
          ],
          "title": "Microsoft Office Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55121",
        "datePublished": "2026-07-14T17:10:17.586Z",
        "dateReserved": "2026-06-16T15:03:49.680Z",
        "dateUpdated": "2026-07-17T21:34:16.128Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55120 (GCVE-0-2026-55120)

    Vulnerability from cvelistv5 – Published: 2026-07-14 17:09 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft PowerPoint Remote Code Execution Vulnerability
    Summary
    Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft PowerPoint 2016 Affected: 16.0.0 , < 16.0.5561.1000 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55120",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T03:57:25.886Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft PowerPoint 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1000",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powerpoint_2016:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.5561.1000",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:59.328Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft PowerPoint Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55120"
            }
          ],
          "title": "Microsoft PowerPoint Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55120",
        "datePublished": "2026-07-14T17:09:06.338Z",
        "dateReserved": "2026-06-16T15:03:49.680Z",
        "dateUpdated": "2026-07-17T21:32:59.328Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55054 (GCVE-0-2026-55054)

    Vulnerability from cvelistv5 – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Excel Information Disclosure Vulnerability
    Summary
    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55054",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T18:09:32.805040Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T18:09:46.209Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:46.145Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55054"
            }
          ],
          "title": "Microsoft Excel Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55054",
        "datePublished": "2026-07-14T17:08:52.994Z",
        "dateReserved": "2026-06-16T14:13:49.836Z",
        "dateUpdated": "2026-07-17T21:32:46.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47293 (GCVE-0-2026-47293)

    Vulnerability from cvelistv5 – Published: 2026-06-09 17:05 – Updated: 2026-07-15 20:10
    VLAI
    Title
    Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
    Summary
    Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Date Public
    2026-06-09 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-47293",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T03:56:39.788489Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T10:16:14.056Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-09T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416: Use After Free",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T20:10:05.249Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Office Click-To-Run Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47293"
            }
          ],
          "title": "Microsoft Office Click-To-Run Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-47293",
        "datePublished": "2026-06-09T17:05:47.133Z",
        "dateReserved": "2026-05-18T23:53:33.897Z",
        "dateUpdated": "2026-07-15T20:10:05.249Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42832 (GCVE-0-2026-42832)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:59 – Updated: 2026-06-19 16:13
    VLAI
    Title
    Microsoft Office Spoofing Vulnerability
    Summary
    Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Excel for Android Affected: 16.0.0.0 , < 16.0.19822.20190 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.109.26051019 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.109.26051019 (custom)
    Create a notification for this product.
    Microsoft Microsoft Word for Android Affected: 16.0.0.0 , < 16.0.19822.20190 (custom)
    Create a notification for this product.
    Date Public
    2026-05-12 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42832",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T18:54:19.688774Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T18:54:35.971Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Excel for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19822.20190",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.109.26051019",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.109.26051019",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Word for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19822.20190",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:word:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "16.0.19822.20190",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "16.0.19822.20190",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.109.26051019",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.109.26051019",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-05-12T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:13:04.529Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Office Spoofing Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42832"
            }
          ],
          "title": "Microsoft Office Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-42832",
        "datePublished": "2026-05-12T16:59:34.810Z",
        "dateReserved": "2026-04-30T14:51:12.703Z",
        "dateUpdated": "2026-06-19T16:13:04.529Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40420 (GCVE-0-2026-40420)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:59 – Updated: 2026-06-19 16:13
    VLAI
    Title
    Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
    Summary
    Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Date Public
    2026-05-12 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40420",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-07T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T03:56:54.169Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-05-12T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:13:00.179Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Office Click-To-Run Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40420"
            }
          ],
          "title": "Microsoft Office Click-To-Run Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-40420",
        "datePublished": "2026-05-12T16:59:29.493Z",
        "dateReserved": "2026-04-13T00:27:50.799Z",
        "dateUpdated": "2026-06-19T16:13:00.179Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35436 (GCVE-0-2026-35436)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:59 – Updated: 2026-06-19 16:12
    VLAI
    Title
    Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
    Summary
    Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1220 - Insufficient Granularity of Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Date Public
    2026-05-12 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35436",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-07T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T03:56:56.362Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-05-12T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1220",
                  "description": "CWE-1220: Insufficient Granularity of Access Control",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:12:59.674Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Office Click-To-Run Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35436"
            }
          ],
          "title": "Microsoft Office Click-To-Run Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-35436",
        "datePublished": "2026-05-12T16:59:28.571Z",
        "dateReserved": "2026-04-02T19:21:11.805Z",
        "dateUpdated": "2026-06-19T16:12:59.674Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }