Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-26105 (GCVE-0-2026-26105)
Vulnerability from cvelistv5 – Published: 2026-03-10 17:05 – Updated: 2026-03-20 16:35
VLAI?
EPSS
Title
Microsoft SharePoint Server Spoofing Vulnerability
Summary
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Affected:
16.0.0 , < 16.0.5543.1000
(custom)
|
||||||||||||
|
||||||||||||||
Date Public ?
2026-03-10 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26105",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T03:55:50.335Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Enterprise Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.5543.1000",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.10417.20102",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Server Subscription Edition",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.19725.20076",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "16.0.5543.1000",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.10417.20102",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
"versionEndExcluding": "16.0.19725.20076",
"versionStartIncluding": "16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T16:35:42.909Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft SharePoint Server Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26105"
}
],
"title": "Microsoft SharePoint Server Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-26105",
"datePublished": "2026-03-10T17:05:01.863Z",
"dateReserved": "2026-02-11T15:52:13.909Z",
"dateUpdated": "2026-03-20T16:35:42.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-26105\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2026-03-10T18:18:38.473\",\"lastModified\":\"2026-03-13T20:44:57.800\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.\"},{\"lang\":\"es\",\"value\":\"Neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (\u0027cross-site scripting\u0027) en Microsoft Office SharePoint permite a un atacante no autorizado realizar spoofing a trav\u00e9s de una red.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N\",\"baseScore\":9.3,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":5.8}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*\",\"versionEndExcluding\":\"16.0.19725.20076\",\"matchCriteriaId\":\"DD6194DB-E1C7-4206-A116-2E87C69618E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"F815EF1D-7B60-47BE-9AC2-2548F99F10E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6122D014-5BF1-4AF4-8B4D-80205ED7785E\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26105\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-26105\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-10T18:39:54.452228Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-10T18:39:55.765Z\"}}], \"cna\": {\"title\": \"Microsoft SharePoint Server Spoofing Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Microsoft SharePoint Enterprise Server 2016\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"16.0.5543.1000\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft SharePoint Server 2019\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"16.0.10417.20102\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft SharePoint Server Subscription Edition\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"16.0.19725.20076\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}], \"datePublic\": \"2026-03-10T14:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26105\", \"name\": \"Microsoft SharePoint Server Spoofing Vulnerability\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.0.5543.1000\", \"versionStartIncluding\": \"16.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.0.10417.20102\", \"versionStartIncluding\": \"16.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.0.19725.20076\", \"versionStartIncluding\": \"16.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2026-03-19T21:20:52.509Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-26105\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-19T21:20:52.509Z\", \"dateReserved\": \"2026-02-11T15:52:13.909Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2026-03-10T17:05:01.863Z\", \"assignerShortName\": \"microsoft\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
GHSA-PX4G-M59H-RC4R
Vulnerability from github – Published: 2026-03-10 18:31 – Updated: 2026-03-10 18:31
VLAI?
Details
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
Severity ?
8.1 (High)
{
"affected": [],
"aliases": [
"CVE-2026-26105"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-10T18:18:38Z",
"severity": "HIGH"
},
"details": "Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.",
"id": "GHSA-px4g-m59h-rc4r",
"modified": "2026-03-10T18:31:21Z",
"published": "2026-03-10T18:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26105"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26105"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
MSRC_CVE-2026-26105
Vulnerability from csaf_microsoft - Published: 2026-03-10 07:00 - Updated: 2026-03-10 07:00Summary
Microsoft SharePoint Server Spoofing Vulnerability
Severity
Important
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Customer Action: Required. The vulnerability documented by this CVE requires customer action to resolve.
CWE-79
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vendor Fix
16.0.5543.1000:Security Update:https://support.microsoft.com/help/5002850
https://support.microsoft.com/help/5002850
Vendor Fix
16.0.10417.20102:Security Update:https://support.microsoft.com/help/5002845
https://support.microsoft.com/help/5002845
Vendor Fix
16.0.19725.20076:Security Update:https://support.microsoft.com/help/5002843
https://support.microsoft.com/help/5002843
References
Acknowledgments
Adi Ivascu
{
"document": {
"acknowledgments": [
{
"names": [
"Adi Ivascu"
]
}
],
"aggregate_severity": {
"namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
},
{
"category": "general",
"text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
"title": "Customer Action"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2026-26105 Microsoft SharePoint Server Spoofing Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26105"
},
{
"category": "self",
"summary": "CVE-2026-26105 Microsoft SharePoint Server Spoofing Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-26105.json"
},
{
"category": "external",
"summary": "Microsoft Exploitability Index",
"url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Microsoft SharePoint Server Spoofing Vulnerability",
"tracking": {
"current_release_date": "2026-03-10T07:00:00.000Z",
"generator": {
"date": "2026-03-10T17:04:32.269Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2026-26105",
"initial_release_date": "2026-03-10T07:00:00.000Z",
"revision_history": [
{
"date": "2026-03-10T07:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c16.0.5543.1000",
"product": {
"name": "Microsoft SharePoint Enterprise Server 2016 \u003c16.0.5543.1000",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "16.0.5543.1000",
"product": {
"name": "Microsoft SharePoint Enterprise Server 2016 16.0.5543.1000",
"product_id": "10950"
}
}
],
"category": "product_name",
"name": "Microsoft SharePoint Enterprise Server 2016"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c16.0.10417.20102",
"product": {
"name": "Microsoft SharePoint Server 2019 \u003c16.0.10417.20102",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "16.0.10417.20102",
"product": {
"name": "Microsoft SharePoint Server 2019 16.0.10417.20102",
"product_id": "11585"
}
}
],
"category": "product_name",
"name": "Microsoft SharePoint Server 2019"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c16.0.19725.20076",
"product": {
"name": "Microsoft SharePoint Server Subscription Edition \u003c16.0.19725.20076",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "16.0.19725.20076",
"product": {
"name": "Microsoft SharePoint Server Subscription Edition 16.0.19725.20076",
"product_id": "11961"
}
}
],
"category": "product_name",
"name": "Microsoft SharePoint Server Subscription Edition"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-26105",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "general",
"text": "Microsoft",
"title": "Assigning CNA"
},
{
"category": "faq",
"text": "The attack vector is Network (AV:N) because this vulnerability is remotely exploitable and can be exploited from the internet. The attack complexity is Low (AC:L) because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component.",
"title": "According to the CVSS metric, the attack vector is network (AV:N) and the attack complexity is low (AC:L). What does that mean for this vulnerability?"
},
{
"category": "faq",
"text": "An attacker who successfully exploited this vulnerability might be able to run their scripts in the security context of the current user by enticing the user to click on a link resulting in a cross-site scripting attack on the SharePoint Server.",
"title": "How could an attacker exploit the vulnerability?"
},
{
"category": "faq",
"text": "Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.",
"title": "I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?"
}
],
"product_status": {
"fixed": [
"10950",
"11585",
"11961"
],
"known_affected": [
"1",
"2",
"3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-26105 Microsoft SharePoint Server Spoofing Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26105"
},
{
"category": "self",
"summary": "CVE-2026-26105 Microsoft SharePoint Server Spoofing Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-26105.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-10T07:00:00.000Z",
"details": "16.0.5543.1000:Security Update:https://support.microsoft.com/help/5002850",
"product_ids": [
"3"
],
"url": "https://support.microsoft.com/help/5002850"
},
{
"category": "vendor_fix",
"date": "2026-03-10T07:00:00.000Z",
"details": "16.0.10417.20102:Security Update:https://support.microsoft.com/help/5002845",
"product_ids": [
"2"
],
"url": "https://support.microsoft.com/help/5002845"
},
{
"category": "vendor_fix",
"date": "2026-03-10T07:00:00.000Z",
"details": "16.0.19725.20076:Security Update:https://support.microsoft.com/help/5002843",
"product_ids": [
"1"
],
"url": "https://support.microsoft.com/help/5002843"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.1,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Spoofing"
},
{
"category": "exploit_status",
"details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely"
}
],
"title": "Microsoft SharePoint Server Spoofing Vulnerability"
}
]
}
FKIE_CVE-2026-26105
Vulnerability from fkie_nvd - Published: 2026-03-10 18:18 - Updated: 2026-03-13 20:44
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
9.3 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
9.3 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Summary
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26105 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_server | * | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
"matchCriteriaId": "DD6194DB-E1C7-4206-A116-2E87C69618E8",
"versionEndExcluding": "16.0.19725.20076",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "F815EF1D-7B60-47BE-9AC2-2548F99F10E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network."
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (\u0027cross-site scripting\u0027) en Microsoft Office SharePoint permite a un atacante no autorizado realizar spoofing a trav\u00e9s de una red."
}
],
"id": "CVE-2026-26105",
"lastModified": "2026-03-13T20:44:57.800",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.8,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2026-03-10T18:18:38.473",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26105"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
WID-SEC-W-2026-0659
Vulnerability from csaf_certbund - Published: 2026-03-10 23:00 - Updated: 2026-03-10 23:00Summary
Microsoft Office und SharePoint Produkte: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Die Microsoft Office Suite beinhaltet zahlreiche Büroanwendungen wie Textverarbeitung, Tabellenkalkulation, Datenbank und weitere Applikationen.
Microsoft Office Online Server ist ein Serverprodukt, das browserbasierte Versionen von Word, PowerPoint, Excel und OneNote bereitstellt.
Microsoft Sharepoint ist ein Portalsystem für die zentrale Verwaltung von Dokumenten und Anwendungen. Die Inhalte werden u. a. über Webseiten zur Verfügung gestellt.
Microsoft 365 Apps ist eine Office Suite für zahlreiche Büroanwendungen.
Angriff: Ein Angreifer kann mehrere Schwachstellen in verschiedenen Microsoft Office und SharePoint Produkten ausnutzen, um beliebigen Programmcode auszuführen, um falsche Informationen darzustellen, um Informationen offenzulegen, und um seine Privilegien zu erhöhen.
Betroffene Betriebssysteme: - Android
- MacOS X
- Windows
References
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die Microsoft Office Suite beinhaltet zahlreiche B\u00fcroanwendungen wie Textverarbeitung, Tabellenkalkulation, Datenbank und weitere Applikationen.\r\nMicrosoft Office Online Server ist ein Serverprodukt, das browserbasierte Versionen von Word, PowerPoint, Excel und OneNote bereitstellt. \r\nMicrosoft Sharepoint ist ein Portalsystem f\u00fcr die zentrale Verwaltung von Dokumenten und Anwendungen. Die Inhalte werden u. a. \u00fcber Webseiten zur Verf\u00fcgung gestellt.\r\nMicrosoft 365 Apps ist eine Office Suite f\u00fcr zahlreiche B\u00fcroanwendungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in verschiedenen Microsoft Office und SharePoint Produkten ausnutzen, um beliebigen Programmcode auszuf\u00fchren, um falsche Informationen darzustellen, um Informationen offenzulegen, und um seine Privilegien zu erh\u00f6hen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Android\n- MacOS X\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0659 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0659.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0659 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0659"
},
{
"category": "external",
"summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates",
"url": "https://msrc.microsoft.com/update-guide/"
}
],
"source_lang": "en-US",
"title": "Microsoft Office und SharePoint Produkte: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-10T23:00:00.000+00:00",
"generator": {
"date": "2026-03-11T07:46:30.707+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0659",
"initial_release_date": "2026-03-10T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-03-10T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Microsoft 365 Apps",
"product": {
"name": "Microsoft 365 Apps",
"product_id": "T050753",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:365_apps:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "2016",
"product": {
"name": "Microsoft Excel 2016",
"product_id": "318577",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:excel:2016"
}
}
}
],
"category": "product_name",
"name": "Excel"
},
{
"branches": [
{
"category": "product_version",
"name": "2019",
"product": {
"name": "Microsoft Office 2019",
"product_id": "902302",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:office:2019"
}
}
},
{
"category": "product_version",
"name": "for Android",
"product": {
"name": "Microsoft Office for Android",
"product_id": "T043649",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:office:for_android"
}
}
},
{
"category": "product_version",
"name": "LTSC for Mac 2021",
"product": {
"name": "Microsoft Office LTSC for Mac 2021",
"product_id": "T050754",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:office:ltsc_for_mac_2021"
}
}
},
{
"category": "product_version",
"name": "LTSC 2021",
"product": {
"name": "Microsoft Office LTSC 2021",
"product_id": "T050755",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:office:ltsc_2021"
}
}
},
{
"category": "product_version",
"name": "LTSC 2024",
"product": {
"name": "Microsoft Office LTSC 2024",
"product_id": "T050757",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:office:ltsc_2024"
}
}
},
{
"category": "product_version",
"name": "LTSC for Mac 2024",
"product": {
"name": "Microsoft Office LTSC for Mac 2024",
"product_id": "T050758",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:office:ltsc_for_mac_2024"
}
}
},
{
"category": "product_version",
"name": "2016",
"product": {
"name": "Microsoft Office 2016",
"product_id": "T051516",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:office:2016"
}
}
}
],
"category": "product_name",
"name": "Office"
},
{
"category": "product_name",
"name": "Microsoft Office Online Server",
"product": {
"name": "Microsoft Office Online Server",
"product_id": "T050749",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:office_online_server:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "Enterprise Server 2016",
"product": {
"name": "Microsoft SharePoint Enterprise Server 2016",
"product_id": "T050750",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:sharepoint:enterprise_server_2016"
}
}
},
{
"category": "product_version",
"name": "Server Subscription Edition",
"product": {
"name": "Microsoft SharePoint Server Subscription Edition",
"product_id": "T050756",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:sharepoint:server_subscription_edition"
}
}
}
],
"category": "product_name",
"name": "SharePoint"
},
{
"category": "product_name",
"name": "Microsoft SharePoint Server 2019",
"product": {
"name": "Microsoft SharePoint Server 2019",
"product_id": "T050752",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:sharepoint_server_2019:-"
}
}
}
],
"category": "vendor",
"name": "Microsoft"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-24285",
"product_status": {
"known_affected": [
"318577",
"T043649",
"T050752",
"T050754",
"T050753",
"T050750",
"T050749",
"T050756",
"T051516",
"T050755",
"T050758",
"T050757",
"902302"
]
},
"release_date": "2026-03-10T23:00:00.000+00:00",
"title": "CVE-2026-24285"
},
{
"cve": "CVE-2026-25180",
"product_status": {
"known_affected": [
"318577",
"T043649",
"T050752",
"T050754",
"T050753",
"T050750",
"T050749",
"T050756",
"T051516",
"T050755",
"T050758",
"T050757",
"902302"
]
},
"release_date": "2026-03-10T23:00:00.000+00:00",
"title": "CVE-2026-25180"
},
{
"cve": "CVE-2026-26105",
"product_status": {
"known_affected": [
"318577",
"T043649",
"T050752",
"T050754",
"T050753",
"T050750",
"T050749",
"T050756",
"T051516",
"T050755",
"T050758",
"T050757",
"902302"
]
},
"release_date": "2026-03-10T23:00:00.000+00:00",
"title": "CVE-2026-26105"
},
{
"cve": "CVE-2026-26106",
"product_status": {
"known_affected": [
"318577",
"T043649",
"T050752",
"T050754",
"T050753",
"T050750",
"T050749",
"T050756",
"T051516",
"T050755",
"T050758",
"T050757",
"902302"
]
},
"release_date": "2026-03-10T23:00:00.000+00:00",
"title": "CVE-2026-26106"
},
{
"cve": "CVE-2026-26107",
"product_status": {
"known_affected": [
"318577",
"T043649",
"T050752",
"T050754",
"T050753",
"T050750",
"T050749",
"T050756",
"T051516",
"T050755",
"T050758",
"T050757",
"902302"
]
},
"release_date": "2026-03-10T23:00:00.000+00:00",
"title": "CVE-2026-26107"
},
{
"cve": "CVE-2026-26108",
"product_status": {
"known_affected": [
"318577",
"T043649",
"T050752",
"T050754",
"T050753",
"T050750",
"T050749",
"T050756",
"T051516",
"T050755",
"T050758",
"T050757",
"902302"
]
},
"release_date": "2026-03-10T23:00:00.000+00:00",
"title": "CVE-2026-26108"
},
{
"cve": "CVE-2026-26109",
"product_status": {
"known_affected": [
"318577",
"T043649",
"T050752",
"T050754",
"T050753",
"T050750",
"T050749",
"T050756",
"T051516",
"T050755",
"T050758",
"T050757",
"902302"
]
},
"release_date": "2026-03-10T23:00:00.000+00:00",
"title": "CVE-2026-26109"
},
{
"cve": "CVE-2026-26110",
"product_status": {
"known_affected": [
"318577",
"T043649",
"T050752",
"T050754",
"T050753",
"T050750",
"T050749",
"T050756",
"T051516",
"T050755",
"T050758",
"T050757",
"902302"
]
},
"release_date": "2026-03-10T23:00:00.000+00:00",
"title": "CVE-2026-26110"
},
{
"cve": "CVE-2026-26112",
"product_status": {
"known_affected": [
"318577",
"T043649",
"T050752",
"T050754",
"T050753",
"T050750",
"T050749",
"T050756",
"T051516",
"T050755",
"T050758",
"T050757",
"902302"
]
},
"release_date": "2026-03-10T23:00:00.000+00:00",
"title": "CVE-2026-26112"
},
{
"cve": "CVE-2026-26113",
"product_status": {
"known_affected": [
"318577",
"T043649",
"T050752",
"T050754",
"T050753",
"T050750",
"T050749",
"T050756",
"T051516",
"T050755",
"T050758",
"T050757",
"902302"
]
},
"release_date": "2026-03-10T23:00:00.000+00:00",
"title": "CVE-2026-26113"
},
{
"cve": "CVE-2026-26114",
"product_status": {
"known_affected": [
"318577",
"T043649",
"T050752",
"T050754",
"T050753",
"T050750",
"T050749",
"T050756",
"T051516",
"T050755",
"T050758",
"T050757",
"902302"
]
},
"release_date": "2026-03-10T23:00:00.000+00:00",
"title": "CVE-2026-26114"
},
{
"cve": "CVE-2026-26134",
"product_status": {
"known_affected": [
"318577",
"T043649",
"T050752",
"T050754",
"T050753",
"T050750",
"T050749",
"T050756",
"T051516",
"T050755",
"T050758",
"T050757",
"902302"
]
},
"release_date": "2026-03-10T23:00:00.000+00:00",
"title": "CVE-2026-26134"
},
{
"cve": "CVE-2026-26144",
"product_status": {
"known_affected": [
"318577",
"T043649",
"T050752",
"T050754",
"T050753",
"T050750",
"T050749",
"T050756",
"T051516",
"T050755",
"T050758",
"T050757",
"902302"
]
},
"release_date": "2026-03-10T23:00:00.000+00:00",
"title": "CVE-2026-26144"
}
]
}
CERTFR-2026-AVI-0274
Vulnerability from certfr_avis - Published: 2026-03-11 - Updated: 2026-03-11
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | azl3 freetype 2.13.2-1 versions antérieures à 2.13.2-2 | ||
| Microsoft | N/A | Microsoft Semantic Kernel Python SDK versions antérieures à 1.39.4 | ||
| Microsoft | N/A | Microsoft SQL Server 2025 pour systèmes x64 (CU2) versions antérieures à 17.0.4020.2 | ||
| Microsoft | N/A | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 (GDR) versions antérieures à 13.0.6480.4 | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (GDR) versions antérieures à 14.0.2100.4 | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (CU 31) versions antérieures à 14.0.3520.4 | ||
| Microsoft | N/A | Microsoft Authenticator pour Android versions antérieures à 6.2511.7533 | ||
| Microsoft | N/A | Microsoft SharePoint Enterprise Server 2016 versions antérieures à 16.0.5543.1000 | ||
| Microsoft | N/A | Microsoft SharePoint Server 2019 versions antérieures à 16.0.10417.20102 | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (CU 23) versions antérieures à 16.0.4240.4 | ||
| Microsoft | N/A | Microsoft SharePoint Server Subscription Edition versions antérieures à 16.0.19725.20076 | ||
| Microsoft | N/A | System Center Operations Manager 2022 versions antérieures à 10.22.11951.0 | ||
| Microsoft | N/A | cbl2 freetype 2.13.1-1 versions antérieures à 2.13.1-2 | ||
| Microsoft | N/A | Microsoft Authenticator pour IOS versions antérieures à 6.8.40 | ||
| Microsoft | N/A | Microsoft.Bcl.Memory 9.0 versions antérieures à 9.0.14 | ||
| Microsoft | N/A | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 Azure Connect Feature Pack versions antérieures à 13.0.7075.5 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (CU 32) versions antérieures à 15.0.4460.4 | ||
| Microsoft | N/A | Microsoft.Bcl.Memory 10.0 versions antérieures à 10.0.4 | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (GDR) versions antérieures à 16.0.1170.5 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (GDR) versions antérieures à 16.0.1170.5 | ||
| Microsoft | N/A | Microsoft SQL Server 2025 pour systèmes x64 (GDR) versions antérieures à 17.0.1105.2 | ||
| Microsoft | N/A | System Center Operations Manager 2025 versions antérieures à 10.25.10377.0 | ||
| Microsoft | N/A | GitHub Repo: Zero Shot scFoundation versions antérieures à 0.1.1 | ||
| Microsoft | N/A | System Center Operations Manager 2019 versions antérieures à 10.19.10658.0 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "azl3 freetype 2.13.2-1 versions ant\u00e9rieures \u00e0 2.13.2-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Semantic Kernel Python SDK versions ant\u00e9rieures \u00e0 1.39.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2025 pour syst\u00e8mes x64 (CU2) versions ant\u00e9rieures \u00e0 17.0.4020.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 (GDR) versions ant\u00e9rieures \u00e0 13.0.6480.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 14.0.2100.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (CU 31) versions ant\u00e9rieures \u00e0 14.0.3520.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Authenticator pour Android versions ant\u00e9rieures \u00e0 6.2511.7533",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Enterprise Server 2016 versions ant\u00e9rieures \u00e0 16.0.5543.1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server 2019 versions ant\u00e9rieures \u00e0 16.0.10417.20102",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (CU 23) versions ant\u00e9rieures \u00e0 16.0.4240.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server Subscription Edition versions ant\u00e9rieures \u00e0 16.0.19725.20076",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "System Center Operations Manager 2022 versions ant\u00e9rieures \u00e0 10.22.11951.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 freetype 2.13.1-1 versions ant\u00e9rieures \u00e0 2.13.1-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Authenticator pour IOS versions ant\u00e9rieures \u00e0 6.8.40",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft.Bcl.Memory 9.0 versions ant\u00e9rieures \u00e0 9.0.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 Azure Connect Feature Pack versions ant\u00e9rieures \u00e0 13.0.7075.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (CU 32) versions ant\u00e9rieures \u00e0 15.0.4460.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft.Bcl.Memory 10.0 versions ant\u00e9rieures \u00e0 10.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 16.0.1170.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 16.0.1170.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2025 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 17.0.1105.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "System Center Operations Manager 2025 versions ant\u00e9rieures \u00e0 10.25.10377.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "GitHub Repo: Zero Shot scFoundation versions ant\u00e9rieures \u00e0 0.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "System Center Operations Manager 2019 versions ant\u00e9rieures \u00e0 10.19.10658.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-26123",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26123"
},
{
"name": "CVE-2026-26106",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26106"
},
{
"name": "CVE-2026-26114",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26114"
},
{
"name": "CVE-2026-26127",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26127"
},
{
"name": "CVE-2026-23865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23865"
},
{
"name": "CVE-2026-26030",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26030"
},
{
"name": "CVE-2026-21262",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21262"
},
{
"name": "CVE-2026-26115",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26115"
},
{
"name": "CVE-2026-23654",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23654"
},
{
"name": "CVE-2026-20967",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20967"
},
{
"name": "CVE-2026-26116",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26116"
},
{
"name": "CVE-2026-26105",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26105"
},
{
"name": "CVE-2026-26113",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26113"
}
],
"initial_release_date": "2026-03-11T00:00:00",
"last_revision_date": "2026-03-11T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0274",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-26114",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26114"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-26106",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26106"
},
{
"published_at": "2026-03-04",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23865",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23865"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-26105",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26105"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-26127",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26127"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-26030",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26030"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-20967",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20967"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-26113",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26113"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23654",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23654"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-21262",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21262"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-26123",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26123"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-26115",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26115"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-26116",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26116"
}
]
}
NCSC-2026-0084
Vulnerability from csaf_ncscnl - Published: 2026-03-10 20:20 - Updated: 2026-03-10 20:20Summary
Kwetsbaarheden verholpen in Microsoft Office
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Microsoft heeft kwetsbaarheden verholpen in diverse Office producten.
Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om zich voor te doen als een andere gebruiker, zich verhoogde rechten toe te kennen en/of willekeurige code uit te voeren en mogelijk toegang te krijgen tot gevoelige gegevens in de context van het slachtoffer.
Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malfide document te openen, of link te volgen.
```
Microsoft Office Excel:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-26112 | 7.80 | Uitvoeren van willekeurige code |
| CVE-2026-26107 | 7.80 | Uitvoeren van willekeurige code |
| CVE-2026-26108 | 7.80 | Uitvoeren van willekeurige code |
| CVE-2026-26109 | 8.40 | Uitvoeren van willekeurige code |
| CVE-2026-26144 | 7.50 | Toegang tot gevoelige gegevens |
|----------------|------|-------------------------------------|
Microsoft Office:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-26113 | 8.40 | Uitvoeren van willekeurige code |
| CVE-2026-26134 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2026-26110 | 8.40 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Microsoft Office SharePoint:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-26105 | 8.10 | Voordoen als andere gebruiker |
| CVE-2026-26114 | 8.80 | Uitvoeren van willekeurige code |
| CVE-2026-26106 | 8.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
```
Oplossingen: Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:
https://portal.msrc.microsoft.com/en-us/security-guidance
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-122: Heap-based Buffer Overflow
CWE-125: Out-of-bounds Read
CWE-190: Integer Overflow or Wraparound
CWE-416: Use After Free
CWE-502: Deserialization of Untrusted Data
CWE-822: Untrusted Pointer Dereference
CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
A cross-site scripting vulnerability in Microsoft Office SharePoint caused by improper input neutralization allows unauthorized attackers to perform network spoofing.
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')An untrusted pointer dereference vulnerability in Microsoft Office allows unauthorized local code execution, posing a significant security risk.
CWE-822 - Untrusted Pointer DereferenceA deserialization vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code over a network by processing untrusted data.
CWE-502 - Deserialization of Untrusted DataAn improper input validation vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code on the affected system.
CWE-20 - Improper Input ValidationA vulnerability in Microsoft Office Excel allows untrusted pointer dereference, enabling unauthorized attackers to execute code locally.
CWE-822 - Untrusted Pointer DereferenceA vulnerability in Microsoft Office Excel, termed 'use after free,' allows unauthorized attackers to execute code locally on affected systems.
CWE-416 - Use After FreeA heap-based buffer overflow vulnerability in Microsoft Office Excel allows unauthorized attackers to execute code locally.
CWE-122 - Heap-based Buffer OverflowAn out-of-bounds read vulnerability in Microsoft Office Excel allows an unauthorized attacker to execute code locally, posing a significant security risk.
CWE-125 - Out-of-bounds ReadA type confusion vulnerability in Microsoft Office allows unauthorized local code execution, posing a significant security risk.
CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')A cross-site scripting vulnerability in Microsoft Office Excel caused by improper input neutralization during web page generation allows unauthorized attackers to disclose information over a network.
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')An integer overflow or wraparound vulnerability in Microsoft Office allows an authorized local attacker to elevate privileges on the affected system.
CWE-190 - Integer Overflow or WraparoundReferences
| URL | Category | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Microsoft heeft kwetsbaarheden verholpen in diverse Office producten.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om zich voor te doen als een andere gebruiker, zich verhoogde rechten toe te kennen en/of willekeurige code uit te voeren en mogelijk toegang te krijgen tot gevoelige gegevens in de context van het slachtoffer.\n\nVoor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malfide document te openen, of link te volgen.\n\n```\nMicrosoft Office Excel: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-26112 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-26107 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-26108 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-26109 | 8.40 | Uitvoeren van willekeurige code | \n| CVE-2026-26144 | 7.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-26113 | 8.40 | Uitvoeren van willekeurige code | \n| CVE-2026-26134 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-26110 | 8.40 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office SharePoint: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-26105 | 8.10 | Voordoen als andere gebruiker | \n| CVE-2026-26114 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2026-26106 | 8.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n```",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Untrusted Pointer Dereference",
"title": "CWE-822"
},
{
"category": "general",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"title": "Kwetsbaarheden verholpen in Microsoft Office",
"tracking": {
"current_release_date": "2026-03-10T20:20:08.157658Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0084",
"initial_release_date": "2026-03-10T20:20:08.157658Z",
"revision_history": [
{
"date": "2026-03-10T20:20:08.157658Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Microsoft Excel 2016 (32-bit edition)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Microsoft Excel 2016 (64-bit edition)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Microsoft Office 2016 (32-bit edition)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Microsoft Office 2016 (64-bit edition)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Microsoft Office 2019 for 32-bit editions"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Microsoft Office 2019 for 64-bit editions"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Microsoft Office LTSC 2021 for 32-bit editions"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "Microsoft Office LTSC 2021 for 64-bit editions"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "Microsoft Office LTSC 2024 for 32-bit editions"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "Microsoft Office LTSC 2024 for 64-bit editions"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "Microsoft Office LTSC for Mac 2021"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "Microsoft Office LTSC for Mac 2024"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "Microsoft Office for Android"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "Microsoft SharePoint Enterprise Server 2016"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "Microsoft SharePoint Server 2019"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-18"
}
}
],
"category": "product_name",
"name": "Microsoft SharePoint Server Subscription Edition"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-19"
}
}
],
"category": "product_name",
"name": "Office Online Server"
}
],
"category": "vendor",
"name": "Microsoft"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-26105",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "A cross-site scripting vulnerability in Microsoft Office SharePoint caused by improper input neutralization allows unauthorized attackers to perform network spoofing.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-26105 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26105.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19"
]
}
],
"title": "CVE-2026-26105"
},
{
"cve": "CVE-2026-26113",
"cwe": {
"id": "CWE-822",
"name": "Untrusted Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "Untrusted Pointer Dereference",
"title": "CWE-822"
},
{
"category": "description",
"text": "An untrusted pointer dereference vulnerability in Microsoft Office allows unauthorized local code execution, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-26113 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26113.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19"
]
}
],
"title": "CVE-2026-26113"
},
{
"cve": "CVE-2026-26114",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "description",
"text": "A deserialization vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code over a network by processing untrusted data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-26114 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26114.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19"
]
}
],
"title": "CVE-2026-26114"
},
{
"cve": "CVE-2026-26106",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "An improper input validation vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code on the affected system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-26106 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26106.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19"
]
}
],
"title": "CVE-2026-26106"
},
{
"cve": "CVE-2026-26112",
"cwe": {
"id": "CWE-822",
"name": "Untrusted Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "Untrusted Pointer Dereference",
"title": "CWE-822"
},
{
"category": "description",
"text": "A vulnerability in Microsoft Office Excel allows untrusted pointer dereference, enabling unauthorized attackers to execute code locally.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-26112 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26112.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19"
]
}
],
"title": "CVE-2026-26112"
},
{
"cve": "CVE-2026-26107",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A vulnerability in Microsoft Office Excel, termed \u0027use after free,\u0027 allows unauthorized attackers to execute code locally on affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-26107 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26107.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19"
]
}
],
"title": "CVE-2026-26107"
},
{
"cve": "CVE-2026-26108",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Microsoft Office Excel allows unauthorized attackers to execute code locally.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-26108 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26108.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19"
]
}
],
"title": "CVE-2026-26108"
},
{
"cve": "CVE-2026-26109",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds read vulnerability in Microsoft Office Excel allows an unauthorized attacker to execute code locally, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-26109 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26109.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19"
]
}
],
"title": "CVE-2026-26109"
},
{
"cve": "CVE-2026-26110",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "other",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
},
{
"category": "description",
"text": "A type confusion vulnerability in Microsoft Office allows unauthorized local code execution, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-26110 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26110.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19"
]
}
],
"title": "CVE-2026-26110"
},
{
"cve": "CVE-2026-26144",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "A cross-site scripting vulnerability in Microsoft Office Excel caused by improper input neutralization during web page generation allows unauthorized attackers to disclose information over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-26144 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26144.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19"
]
}
],
"title": "CVE-2026-26144"
},
{
"cve": "CVE-2026-26134",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "An integer overflow or wraparound vulnerability in Microsoft Office allows an authorized local attacker to elevate privileges on the affected system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-26134 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26134.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19"
]
}
],
"title": "CVE-2026-26134"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…