Vulnerability-Lookup

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

1 vulnerability found for Office Deployment Tool by Microsoft Corporation

JVNDB-2026-000013

Vulnerability from jvndb - Published: 2026-02-02 15:18 - Updated:2026-02-02 15:18

Summary

Multiple Microsoft Office products vulnerable to untrusted search path

Details

Multiple Microsoft Office products contain the following vulnerability.

Untrusted search path (CWE-426, - CVE-2026-20943

Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN04984838/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20943
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	Microsoft Corporation	Microsoft Office
	Microsoft Corporation	Office Deployment Tool
	Microsoft Corporation	Microsoft SharePoint Enterprise Server
	Microsoft Corporation	Microsoft SharePoint Server

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000013.html",
  "dc:date": "2026-02-02T15:18+09:00",
  "dcterms:issued": "2026-02-02T15:18+09:00",
  "dcterms:modified": "2026-02-02T15:18+09:00",
  "description": "Multiple Microsoft Office products contain the following vulnerability.\u003cul\u003e\u003cli\u003eUntrusted search path (CWE-426, - CVE-2026-20943\u003c/li\u003e\u003c/ul\u003eKazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000013.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:microsoft:office",
      "@product": "Microsoft Office",
      "@vendor": "Microsoft Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:microsoft:office_deployment_tool",
      "@product": "Office Deployment Tool",
      "@vendor": "Microsoft Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:microsoft:sharepoint_enterprise_server",
      "@product": "Microsoft SharePoint Enterprise Server",
      "@vendor": "Microsoft Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:microsoft:sharepoint_server",
      "@product": "Microsoft SharePoint Server",
      "@vendor": "Microsoft Corporation",
      "@version": "2.2"
    }
  ],
  "sec:identifier": "JVNDB-2026-000013",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN04984838/index.html",
      "@id": "JVN#04984838",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20943",
      "@id": "CVE-2026-20943",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple Microsoft Office products vulnerable to untrusted search path"
}