Vulnerability-Lookup

CVE-2026-35439 (GCVE-0-2026-35439)

Vulnerability from cvelistv5 – Published: 2026-05-12 16:58 – Updated: 2026-05-14 18:08

Title

Microsoft SharePoint Server Remote Code Execution Vulnerability

Summary

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-502 - Deserialization of Untrusted Data

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

3 products

Vendor	Product	Version
Microsoft	Microsoft SharePoint Enterprise Server 2016	Affected: 16.0.0 , < 16.0.5552.1002 (custom)
Microsoft	Microsoft SharePoint Server 2019	Affected: 16.0.0 , < 16.0.10417.20128 (custom)
Microsoft	Microsoft SharePoint Server Subscription Edition	Affected: 16.0.0 , < 16.0.19725.20280 (custom)

Date Public ?

2026-05-12 14:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-35439",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-07T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T03:57:23.260Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Enterprise Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5552.1002",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.10417.20128",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server Subscription Edition",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.19725.20280",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "16.0.5552.1002",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.0.10417.20128",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                  "versionEndExcluding": "16.0.19725.20280",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-05-12T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502: Deserialization of Untrusted Data",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-14T18:08:04.473Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft SharePoint Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35439"
        }
      ],
      "title": "Microsoft SharePoint Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-35439",
    "datePublished": "2026-05-12T16:58:35.807Z",
    "dateReserved": "2026-04-02T19:21:11.805Z",
    "dateUpdated": "2026-05-14T18:08:04.473Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-35439",
      "date": "2026-05-14",
      "epss": "0.00555",
      "percentile": "0.68302"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-35439\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2026-05-12T18:17:14.153\",\"lastModified\":\"2026-05-13T20:53:04.193\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*\",\"versionEndExcluding\":\"16.0.19725.20280\",\"matchCriteriaId\":\"E9919927-DE08-4AE4-B9F6-2A83117EE14A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"F815EF1D-7B60-47BE-9AC2-2548F99F10E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6122D014-5BF1-4AF4-8B4D-80205ED7785E\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35439\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-35439\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-12T19:47:46.968293Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-12T19:47:54.079Z\"}}], \"cna\": {\"title\": \"Microsoft SharePoint Server Remote Code Execution Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Microsoft SharePoint Enterprise Server 2016\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"16.0.5552.1002\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft SharePoint Server 2019\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"16.0.10417.20128\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft SharePoint Server Subscription Edition\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"16.0.19725.20280\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}], \"datePublic\": \"2026-05-12T14:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35439\", \"name\": \"Microsoft SharePoint Server Remote Code Execution Vulnerability\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-502\", \"description\": \"CWE-502: Deserialization of Untrusted Data\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.0.5552.1002\", \"versionStartIncluding\": \"16.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.0.10417.20128\", \"versionStartIncluding\": \"16.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.0.19725.20280\", \"versionStartIncluding\": \"16.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2026-05-14T18:08:04.473Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-35439\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-14T18:08:04.473Z\", \"dateReserved\": \"2026-04-02T19:21:11.805Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2026-05-12T16:58:35.807Z\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2026-AVI-0588

Vulnerability from certfr_avis - Published: 2026-05-13 - Updated: 2026-05-13

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft SQL Server 2017 pour systèmes x64 (GDR) versions antérieures à 14.0.2110.2
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.9 (inclus 15.0 - 15.8) antérieures à 15.9.80
Microsoft	N/A	Microsoft SharePoint Enterprise Server 2016 versions antérieures à 16.0.5552.1002
Microsoft	N/A	Microsoft Dynamics 365 Business Central Release Wave 2 2025 versions antérieures à 27.6
Microsoft	N/A	Microsoft Dynamics 365 Business Central Release Wave 1 2025 versions antérieures à 26.12
Microsoft	N/A	Microsoft JIRA SAML SSO plugin versions antérieures à 1.3.3
Microsoft	N/A	Microsoft Visual Studio 2026 version 18.5 antérieures à 18.5.3
Microsoft	N/A	Microsoft SQL Server 2022 pour systèmes x64 (GDR) versions antérieures à 16.0.1180.1
Microsoft	N/A	Microsoft SharePoint Server 2019 versions antérieures à 16.0.10417.20128
Microsoft	N/A	M365 Copilot pour Desktop versions antérieures à 19.2604.43111.0
Microsoft	N/A	Microsoft SQL Server 2022 pour systèmes x64 (CU 24) versions antérieures à 16.0.4252.3
Microsoft	N/A	Microsoft SQL Server 2019 pour systèmes x64 (CU 32) versions antérieures à 15.0.4470.1
Microsoft	N/A	Microsoft Data Formulator versions antérieures à 0.7
Microsoft	N/A	Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 (GDR) versions antérieures à 13.0.6490.1
Microsoft	N/A	Microsoft Teams pour Android versions antérieures à 1.0.0.2026092103
Microsoft	N/A	Microsoft SharePoint Server Subscription Edition versions antérieures à 16.0.19725.20280
Microsoft	N/A	Microsoft Dynamics 365 (on-premises) version 9.1 antérieures à 9.1.44.15
Microsoft	N/A	Microsoft SQL Server 2025 pour systèmes x64 (CU4) versions antérieures à 17.0.4040.1
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.11 (inclus 16.0 - 16.10) antérieures à 16.11.56
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.14 antérieures à 17.14.31
Microsoft	N/A	Microsoft SQL Server 2019 pour systèmes x64 (GDR) versions antérieures à 15.0.2170.1
Microsoft	N/A	Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 Azure Connect Feature Pack versions antérieures à 13.0.7085.1
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.12 antérieures à 17.12.20
Microsoft	N/A	Microsoft SQL Server 2017 pour systèmes x64 (CU 31) versions antérieures à 14.0.3530.2
Microsoft	N/A	Microsoft Confluence SAML SSO plugin versions antérieures à 7.4.0
Microsoft	N/A	Visual Studio Code - Live Preview extension versions antérieures à 0.4.19
Microsoft	N/A	Microsoft SQL Server 2025 pour systèmes x64 (GDR) versions antérieures à 17.0.1115.1
Microsoft	N/A	Microsoft Dynamics 365 Business Central 2026 Release Wave 1 versions antérieures à 28.1
Microsoft	N/A	Visual Studio Code versions antérieures à 1.119.1
Microsoft	N/A	Microsoft Dynamics 365 Business Central 2024 Release Wave 2 versions antérieures à 25.18
Microsoft	N/A	Power Automate pour Desktop versions antérieures à 2.67

References

Title

Publication Time

NCSC-2026-0144

Vulnerability from csaf_ncscnl - Published: 2026-05-12 17:53 - Updated: 2026-05-12 17:53

Summary

Kwetsbaarheden verholpen in Microsoft Office

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: Microsoft heeft kwetsbaarheden verholpen in diverse Office producten.

Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om zich voor te doen als andere gebruiker, of willekeurige code uit te voeren met rechten van het slachtoffer en mogelijk toegang te krijgen tot gevoelige gegevens in de context van het slachtoffer. Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malafide bestand te openen of link te volgen. De kwetsbaarheid met kenmerk CVE-2026-33823 is reeds door Microsoft centraal verholpen en slechts toegevoegd ter informatie. Er zijn geen verdere acties benodigd voor deze kwetsbaarheid. ``` Microsoft Teams: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-32185 | 5.50 | Voordoen als andere gebruiker | | CVE-2026-33823 | 9.60 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Microsoft Office PowerPoint: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-41102 | 7.10 | Voordoen als andere gebruiker | |----------------|------|-------------------------------------| M365 Copilot: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-42893 | 7.40 | <Vertaal: Tampering> | |----------------|------|-------------------------------------| Microsoft Office Word: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-35440 | 5.50 | Toegang tot gevoelige gegevens | | CVE-2026-40364 | 8.40 | Uitvoeren van willekeurige code | | CVE-2026-40366 | 8.40 | Uitvoeren van willekeurige code | | CVE-2026-40421 | 4.30 | Toegang tot gevoelige gegevens | | CVE-2026-40361 | 8.40 | Uitvoeren van willekeurige code | | CVE-2026-40367 | 8.40 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Office for Android: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-42831 | 7.80 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Microsoft Office: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-40363 | 8.40 | Uitvoeren van willekeurige code | | CVE-2026-40419 | 7.80 | Verkrijgen van verhoogde rechten | | CVE-2026-40358 | 8.40 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Microsoft Office SharePoint: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-35439 | 8.80 | Uitvoeren van willekeurige code | | CVE-2026-40368 | 8.00 | Uitvoeren van willekeurige code | | CVE-2026-33110 | 8.80 | Uitvoeren van willekeurige code | | CVE-2026-33112 | 8.80 | Uitvoeren van willekeurige code | | CVE-2026-40357 | 8.80 | Uitvoeren van willekeurige code | | CVE-2026-40365 | 8.80 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Microsoft Office Excel: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-40360 | 7.80 | Toegang tot gevoelige gegevens | | CVE-2026-40359 | 7.80 | Uitvoeren van willekeurige code | | CVE-2026-40362 | 7.80 | Uitvoeren van willekeurige code | | CVE-2026-42832 | 7.70 | Voordoen als andere gebruiker | |----------------|------|-------------------------------------| Microsoft Office Click-To-Run: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-40418 | 7.80 | Verkrijgen van verhoogde rechten | | CVE-2026-35436 | 8.80 | Verkrijgen van verhoogde rechten | | CVE-2026-40420 | 8.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| ```

Oplossingen: Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op: https://portal.msrc.microsoft.com/en-us/security-guidance

Kans: medium

Schade: high

CWE-73: External Control of File Name or Path

CWE-122: Heap-based Buffer Overflow

CWE-125: Out-of-bounds Read

CWE-284: Improper Access Control

CWE-285: Improper Authorization

CWE-416: Use After Free

CWE-502: Deserialization of Untrusted Data

CWE-552: Files or Directories Accessible to External Parties

CWE-822: Untrusted Pointer Dereference

CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CWE-908: Use of Uninitialized Resource

CWE-1220: Insufficient Granularity of Access Control

CVE-2026-35439

A deserialization vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code over a network by processing untrusted data.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-502 - Deserialization of Untrusted Data

Affected products

Known affected 26 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook for iOS		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-40368

A deserialization vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code over a network by processing untrusted data.

8.0 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-502 - Deserialization of Untrusted Data

Affected products

Known affected 26 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook for iOS		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-33110

A deserialization vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code over a network by processing untrusted data.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-502 - Deserialization of Untrusted Data

Affected products

Known affected 26 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook for iOS		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-33112

A deserialization vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code over a network by processing untrusted data.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-502 - Deserialization of Untrusted Data

Affected products

Known affected 26 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook for iOS		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-40357

A deserialization vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code over a network by processing untrusted data.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-502 - Deserialization of Untrusted Data

Affected products

Known affected 26 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook for iOS		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-40365

An insufficient granularity of access control vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code over a network.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-1220 - Insufficient Granularity of Access Control

Affected products

Known affected 26 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook for iOS		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-40367

An untrusted pointer dereference vulnerability in Microsoft Office Word enables unauthorized local code execution by attackers.

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-822 - Untrusted Pointer Dereference

Affected products

Known affected 26 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook for iOS		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-35440

Microsoft Office Word contains a vulnerability where files or directories accessible to external parties can allow unauthorized attackers to locally disclose sensitive information.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

CWE-552 - Files or Directories Accessible to External Parties

Affected products

Known affected 26 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook for iOS		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-40360

An out-of-bounds read vulnerability in Microsoft Office Excel allows an unauthorized local attacker to disclose sensitive information by reading memory beyond intended boundaries.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-125 - Out-of-bounds Read

Affected products

Known affected 26 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook for iOS		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-40363

A heap-based buffer overflow vulnerability in Microsoft Office allows an unauthorized local attacker to execute arbitrary code.

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 26 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook for iOS		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-40364

A type confusion vulnerability in Microsoft Office Word allows unauthorized local code execution by accessing resources using incompatible types.

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 26 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook for iOS		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-40366

A use after free vulnerability in Microsoft Office Word allows unauthorized attackers to execute code locally, posing a significant security risk.

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 26 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook for iOS		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-40419

A use-after-free vulnerability in Microsoft Office allows an authorized attacker to locally elevate privileges by exploiting memory management flaws.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 26 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook for iOS		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-40421

An external control of file name or path vulnerability in Microsoft Office Word enables unauthorized attackers to disclose information over a network.

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CWE-73 - External Control of File Name or Path

Affected products

Known affected 26 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook for iOS		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-40358

The document highlights a 'use after free' vulnerability in Microsoft Office that allows unauthorized attackers to execute code locally.

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 26 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook for iOS		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-40359

A vulnerability in Microsoft Office Excel, termed 'use after free,' allows unauthorized attackers to execute code locally on affected systems.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 26 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook for iOS		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-40361

A use after free vulnerability in Microsoft Office Word allows unauthorized attackers to execute code locally, posing a significant security risk.

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 26 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook for iOS		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-40362

A heap-based buffer overflow vulnerability in Microsoft Office Excel enables unauthorized local code execution by an attacker.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 26 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook for iOS		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-40418

A use-after-free vulnerability in Microsoft Office Click-To-Run allows an authorized local attacker to elevate privileges on the affected system.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 26 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook for iOS		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-35436

An insufficient granularity of access control vulnerability in Microsoft Office Click-To-Run allows an authorized local attacker to elevate privileges.

8.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-1220 - Insufficient Granularity of Access Control

Affected products

Known affected 26 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook for iOS		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-40420

An improper access control vulnerability in Microsoft Office Click-To-Run allows an authorized local attacker to elevate privileges on the affected system.

8.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

Affected products

Known affected 26 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook for iOS		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-42831

A heap-based buffer overflow vulnerability in Microsoft Office allows unauthorized local code execution, posing a significant security risk.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 26 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook for iOS		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-41102

An improper access control vulnerability in Microsoft Office PowerPoint enables an authorized local attacker to perform spoofing attacks.

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C

Affected products

Known affected 26 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook for iOS		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-32185

Files or directories accessible to external parties in Microsoft Teams can be exploited by unauthorized attackers to perform local spoofing attacks.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

CWE-552 - Files or Directories Accessible to External Parties

Affected products

Known affected 26 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook for iOS		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-42832

An improper access control vulnerability in Microsoft Office allows a local unauthorized attacker to perform spoofing, potentially compromising the integrity of user interactions.

7.7 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C

Affected products

Known affected 26 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook for iOS		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-42893

Improper neutralization of special elements in commands within Microsoft 365 Copilot allows unauthorized attackers to perform network tampering.

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Affected products

Known affected 26 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook for iOS		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-33823

An improper authorization vulnerability in Microsoft Teams allows an authorized attacker to disclose sensitive information over a network, potentially leading to unauthorized data exposure.

9.6 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Affected products

Known affected 26 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook for iOS		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Teams for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

References

27 references

URL	Category
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Microsoft heeft kwetsbaarheden verholpen in diverse Office producten.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om zich voor te doen als andere gebruiker, of willekeurige code uit te voeren met rechten van het slachtoffer en mogelijk toegang te krijgen tot gevoelige gegevens in de context van het slachtoffer.\n\nVoor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malafide bestand te openen of link te volgen.\n\nDe kwetsbaarheid met kenmerk CVE-2026-33823 is reeds door Microsoft centraal verholpen en slechts toegevoegd ter informatie. Er zijn geen verdere acties benodigd voor deze kwetsbaarheid.\n\n```\nMicrosoft Teams: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-32185 | 5.50 | Voordoen als andere gebruiker       | \n| CVE-2026-33823 | 9.60 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office PowerPoint: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-41102 | 7.10 | Voordoen als andere gebruiker       | \n|----------------|------|-------------------------------------|\n\nM365 Copilot: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42893 | 7.40 | \u003cVertaal: Tampering\u003e                | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office Word: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35440 | 5.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-40364 | 8.40 | Uitvoeren van willekeurige code     | \n| CVE-2026-40366 | 8.40 | Uitvoeren van willekeurige code     | \n| CVE-2026-40421 | 4.30 | Toegang tot gevoelige gegevens      | \n| CVE-2026-40361 | 8.40 | Uitvoeren van willekeurige code     | \n| CVE-2026-40367 | 8.40 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nOffice for Android: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42831 | 7.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40363 | 8.40 | Uitvoeren van willekeurige code     | \n| CVE-2026-40419 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-40358 | 8.40 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office SharePoint: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35439 | 8.80 | Uitvoeren van willekeurige code     | \n| CVE-2026-40368 | 8.00 | Uitvoeren van willekeurige code     | \n| CVE-2026-33110 | 8.80 | Uitvoeren van willekeurige code     | \n| CVE-2026-33112 | 8.80 | Uitvoeren van willekeurige code     | \n| CVE-2026-40357 | 8.80 | Uitvoeren van willekeurige code     | \n| CVE-2026-40365 | 8.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office Excel: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40360 | 7.80 | Toegang tot gevoelige gegevens      | \n| CVE-2026-40359 | 7.80 | Uitvoeren van willekeurige code     | \n| CVE-2026-40362 | 7.80 | Uitvoeren van willekeurige code     | \n| CVE-2026-42832 | 7.70 | Voordoen als andere gebruiker       | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office Click-To-Run: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40418 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-35436 | 8.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-40420 | 8.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n```\n",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "External Control of File Name or Path",
        "title": "CWE-73"
      },
      {
        "category": "general",
        "text": "Heap-based Buffer Overflow",
        "title": "CWE-122"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Improper Authorization",
        "title": "CWE-285"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "Deserialization of Untrusted Data",
        "title": "CWE-502"
      },
      {
        "category": "general",
        "text": "Files or Directories Accessible to External Parties",
        "title": "CWE-552"
      },
      {
        "category": "general",
        "text": "Untrusted Pointer Dereference",
        "title": "CWE-822"
      },
      {
        "category": "general",
        "text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
        "title": "CWE-843"
      },
      {
        "category": "general",
        "text": "Use of Uninitialized Resource",
        "title": "CWE-908"
      },
      {
        "category": "general",
        "text": "Insufficient Granularity of Access Control",
        "title": "CWE-1220"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "title": "Kwetsbaarheden verholpen in Microsoft Office",
    "tracking": {
      "current_release_date": "2026-05-12T17:53:28.017576Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2026-0144",
      "initial_release_date": "2026-05-12T17:53:28.017576Z",
      "revision_history": [
        {
          "date": "2026-05-12T17:53:28.017576Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft 365 Apps for Enterprise for 32-bit Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft 365 Apps for Enterprise for 64-bit Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Excel 2016 (32-bit edition)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-4"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Excel 2016 (64-bit edition)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-5"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Excel for Android"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-6"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office 2016 (32-bit edition)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-7"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office 2016 (64-bit edition)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-8"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office 2019 for 32-bit editions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-9"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office 2019 for 64-bit editions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-10"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC 2021 for 32-bit editions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-11"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC 2021 for 64-bit editions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-12"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC 2024 for 32-bit editions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-13"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC 2024 for 64-bit editions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-14"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC for Mac 2021"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-15"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC for Mac 2024"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-16"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office for Android"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-17"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Outlook for iOS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-18"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft PowerPoint for Android"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-19"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft SharePoint Enterprise Server 2016"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-20"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft SharePoint Server 2019"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-21"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft SharePoint Server Subscription Edition"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-22"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Teams"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-23"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Teams for Android"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-24"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Word 2016 (32-bit edition)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-25"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Word 2016 (64-bit edition)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-26"
                }
              }
            ],
            "category": "product_name",
            "name": "Office Online Server"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-35439",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        },
        {
          "category": "description",
          "text": "A deserialization vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code over a network by processing untrusted data.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-35439 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35439.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26"
          ]
        }
      ],
      "title": "CVE-2026-35439"
    },
    {
      "cve": "CVE-2026-40368",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        },
        {
          "category": "description",
          "text": "A deserialization vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code over a network by processing untrusted data.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-40368 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40368.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26"
          ]
        }
      ],
      "title": "CVE-2026-40368"
    },
    {
      "cve": "CVE-2026-33110",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        },
        {
          "category": "description",
          "text": "A deserialization vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code over a network by processing untrusted data.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-33110 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33110.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26"
          ]
        }
      ],
      "title": "CVE-2026-33110"
    },
    {
      "cve": "CVE-2026-33112",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        },
        {
          "category": "description",
          "text": "A deserialization vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code over a network by processing untrusted data.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-33112 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33112.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26"
          ]
        }
      ],
      "title": "CVE-2026-33112"
    },
    {
      "cve": "CVE-2026-40357",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        },
        {
          "category": "description",
          "text": "A deserialization vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code over a network by processing untrusted data.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-40357 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40357.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26"
          ]
        }
      ],
      "title": "CVE-2026-40357"
    },
    {
      "cve": "CVE-2026-40365",
      "cwe": {
        "id": "CWE-1220",
        "name": "Insufficient Granularity of Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insufficient Granularity of Access Control",
          "title": "CWE-1220"
        },
        {
          "category": "description",
          "text": "An insufficient granularity of access control vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code over a network.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-40365 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40365.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26"
          ]
        }
      ],
      "title": "CVE-2026-40365"
    },
    {
      "cve": "CVE-2026-40367",
      "cwe": {
        "id": "CWE-822",
        "name": "Untrusted Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "Untrusted Pointer Dereference",
          "title": "CWE-822"
        },
        {
          "category": "description",
          "text": "An untrusted pointer dereference vulnerability in Microsoft Office Word enables unauthorized local code execution by attackers.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-40367 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40367.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26"
          ]
        }
      ],
      "title": "CVE-2026-40367"
    },
    {
      "cve": "CVE-2026-35440",
      "cwe": {
        "id": "CWE-552",
        "name": "Files or Directories Accessible to External Parties"
      },
      "notes": [
        {
          "category": "other",
          "text": "Files or Directories Accessible to External Parties",
          "title": "CWE-552"
        },
        {
          "category": "description",
          "text": "Microsoft Office Word contains a vulnerability where files or directories accessible to external parties can allow unauthorized attackers to locally disclose sensitive information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-35440 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35440.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26"
          ]
        }
      ],
      "title": "CVE-2026-35440"
    },
    {
      "cve": "CVE-2026-40360",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "An out-of-bounds read vulnerability in Microsoft Office Excel allows an unauthorized local attacker to disclose sensitive information by reading memory beyond intended boundaries.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-40360 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40360.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26"
          ]
        }
      ],
      "title": "CVE-2026-40360"
    },
    {
      "cve": "CVE-2026-40363",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "description",
          "text": "A heap-based buffer overflow vulnerability in Microsoft Office allows an unauthorized local attacker to execute arbitrary code.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-40363 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40363.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26"
          ]
        }
      ],
      "title": "CVE-2026-40363"
    },
    {
      "cve": "CVE-2026-40364",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "other",
          "text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
          "title": "CWE-843"
        },
        {
          "category": "other",
          "text": "Use of Uninitialized Resource",
          "title": "CWE-908"
        },
        {
          "category": "description",
          "text": "A type confusion vulnerability in Microsoft Office Word allows unauthorized local code execution by accessing resources using incompatible types.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-40364 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40364.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26"
          ]
        }
      ],
      "title": "CVE-2026-40364"
    },
    {
      "cve": "CVE-2026-40366",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A use after free vulnerability in Microsoft Office Word allows unauthorized attackers to execute code locally, posing a significant security risk.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-40366 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40366.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26"
          ]
        }
      ],
      "title": "CVE-2026-40366"
    },
    {
      "cve": "CVE-2026-40419",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A use-after-free vulnerability in Microsoft Office allows an authorized attacker to locally elevate privileges by exploiting memory management flaws.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-40419 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40419.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26"
          ]
        }
      ],
      "title": "CVE-2026-40419"
    },
    {
      "cve": "CVE-2026-40421",
      "cwe": {
        "id": "CWE-73",
        "name": "External Control of File Name or Path"
      },
      "notes": [
        {
          "category": "other",
          "text": "External Control of File Name or Path",
          "title": "CWE-73"
        },
        {
          "category": "description",
          "text": "An external control of file name or path vulnerability in Microsoft Office Word enables unauthorized attackers to disclose information over a network.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-40421 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40421.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26"
          ]
        }
      ],
      "title": "CVE-2026-40421"
    },
    {
      "cve": "CVE-2026-40358",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "The document highlights a \u0027use after free\u0027 vulnerability in Microsoft Office that allows unauthorized attackers to execute code locally.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-40358 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40358.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26"
          ]
        }
      ],
      "title": "CVE-2026-40358"
    },
    {
      "cve": "CVE-2026-40359",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A vulnerability in Microsoft Office Excel, termed \u0027use after free,\u0027 allows unauthorized attackers to execute code locally on affected systems.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-40359 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40359.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26"
          ]
        }
      ],
      "title": "CVE-2026-40359"
    },
    {
      "cve": "CVE-2026-40361",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A use after free vulnerability in Microsoft Office Word allows unauthorized attackers to execute code locally, posing a significant security risk.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-40361 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40361.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26"
          ]
        }
      ],
      "title": "CVE-2026-40361"
    },
    {
      "cve": "CVE-2026-40362",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "description",
          "text": "A heap-based buffer overflow vulnerability in Microsoft Office Excel enables unauthorized local code execution by an attacker.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-40362 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40362.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26"
          ]
        }
      ],
      "title": "CVE-2026-40362"
    },
    {
      "cve": "CVE-2026-40418",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A use-after-free vulnerability in Microsoft Office Click-To-Run allows an authorized local attacker to elevate privileges on the affected system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-40418 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40418.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26"
          ]
        }
      ],
      "title": "CVE-2026-40418"
    },
    {
      "cve": "CVE-2026-35436",
      "cwe": {
        "id": "CWE-1220",
        "name": "Insufficient Granularity of Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insufficient Granularity of Access Control",
          "title": "CWE-1220"
        },
        {
          "category": "description",
          "text": "An insufficient granularity of access control vulnerability in Microsoft Office Click-To-Run allows an authorized local attacker to elevate privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-35436 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35436.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26"
          ]
        }
      ],
      "title": "CVE-2026-35436"
    },
    {
      "cve": "CVE-2026-40420",
      "notes": [
        {
          "category": "description",
          "text": "An improper access control vulnerability in Microsoft Office Click-To-Run allows an authorized local attacker to elevate privileges on the affected system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-40420 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40420.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26"
          ]
        }
      ],
      "title": "CVE-2026-40420"
    },
    {
      "cve": "CVE-2026-42831",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "description",
          "text": "A heap-based buffer overflow vulnerability in Microsoft Office allows unauthorized local code execution, posing a significant security risk.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-42831 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42831.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26"
          ]
        }
      ],
      "title": "CVE-2026-42831"
    },
    {
      "cve": "CVE-2026-41102",
      "notes": [
        {
          "category": "description",
          "text": "An improper access control vulnerability in Microsoft Office PowerPoint enables an authorized local attacker to perform spoofing attacks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-41102 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-41102.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26"
          ]
        }
      ],
      "title": "CVE-2026-41102"
    },
    {
      "cve": "CVE-2026-32185",
      "cwe": {
        "id": "CWE-552",
        "name": "Files or Directories Accessible to External Parties"
      },
      "notes": [
        {
          "category": "other",
          "text": "Files or Directories Accessible to External Parties",
          "title": "CWE-552"
        },
        {
          "category": "description",
          "text": "Files or directories accessible to external parties in Microsoft Teams can be exploited by unauthorized attackers to perform local spoofing attacks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-32185 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32185.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26"
          ]
        }
      ],
      "title": "CVE-2026-32185"
    },
    {
      "cve": "CVE-2026-42832",
      "notes": [
        {
          "category": "description",
          "text": "An improper access control vulnerability in Microsoft Office allows a local unauthorized attacker to perform spoofing, potentially compromising the integrity of user interactions.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-42832 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42832.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26"
          ]
        }
      ],
      "title": "CVE-2026-42832"
    },
    {
      "cve": "CVE-2026-42893",
      "cwe": {
        "id": "CWE-77",
        "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
          "title": "CWE-77"
        },
        {
          "category": "description",
          "text": "Improper neutralization of special elements in commands within Microsoft 365 Copilot allows unauthorized attackers to perform network tampering.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-42893 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42893.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26"
          ]
        }
      ],
      "title": "CVE-2026-42893"
    },
    {
      "cve": "CVE-2026-33823",
      "notes": [
        {
          "category": "description",
          "text": "An improper authorization vulnerability in Microsoft Teams allows an authorized attacker to disclose sensitive information over a network, potentially leading to unauthorized data exposure.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-33823 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33823.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26"
          ]
        }
      ],
      "title": "CVE-2026-33823"
    }
  ]
}

GHSA-X84H-H468-6JPC

Vulnerability from github – Published: 2026-05-12 18:30 – Updated: 2026-05-12 18:30

Details

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-35439"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-12T18:17:14Z",
    "severity": "HIGH"
  },
  "details": "Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.",
  "id": "GHSA-x84h-h468-6jpc",
  "modified": "2026-05-12T18:30:44Z",
  "published": "2026-05-12T18:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35439"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35439"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2026-35439

Vulnerability from fkie_nvd - Published: 2026-05-12 18:17 - Updated: 2026-05-13 20:53

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

References

	URL	Tags
	secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35439	Vendor Advisory

Impacted products

Vendor	Product	Version
microsoft	sharepoint_server	*
microsoft	sharepoint_server	2016
microsoft	sharepoint_server	2019

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
              "matchCriteriaId": "E9919927-DE08-4AE4-B9F6-2A83117EE14A",
              "versionEndExcluding": "16.0.19725.20280",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "F815EF1D-7B60-47BE-9AC2-2548F99F10E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*",
              "matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network."
    }
  ],
  "id": "CVE-2026-35439",
  "lastModified": "2026-05-13T20:53:04.193",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-05-12T18:17:14.153",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35439"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Primary"
    }
  ]
}

MSRC_CVE-2026-35439

Vulnerability from csaf_microsoft - Published: 2026-05-12 07:00 - Updated: 2026-05-12 07:00

Summary

Microsoft SharePoint Server Remote Code Execution Vulnerability

Severity

Important

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Customer Action: Required. The vulnerability documented by this CVE requires customer action to resolve.

CVE-2026-35439

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 3 products

Product	Identifier	Version	Remediation
Microsoft SharePoint Enterprise Server 2016 16.0.5552.1002 Microsoft SharePoint Enterprise Server 2016		16.0.5552.1002
Microsoft SharePoint Server 2019 16.0.10417.20128 Microsoft SharePoint Server 2019		16.0.10417.20128
Microsoft SharePoint Server Subscription Edition 16.0.19725.20280 Microsoft SharePoint Server Subscription Edition		16.0.19725.20280

Known affected 3 products

Product	Version	Remediation
Microsoft SharePoint Server Subscription Edition <16.0.19725.20280 Microsoft SharePoint Server Subscription Edition	<16.0.19725.20280	Vendor Fix fix
Microsoft SharePoint Server 2019 <16.0.10417.20128 Microsoft SharePoint Server 2019	<16.0.10417.20128	Vendor Fix fix
Microsoft SharePoint Enterprise Server 2016 <16.0.5552.1002 Microsoft SharePoint Enterprise Server 2016	<16.0.5552.1002	Vendor Fix fix

Threats

Impact Remote Code Execution

Exploit Status Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely

References

7 references

URL	Category
https://msrc.microsoft.com/update-guide/vulnerabi…	self
https://msrc.microsoft.com/csaf/advisories/2026/m…	self
https://www.microsoft.com/en-us/msrc/exploitabili…	external
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/update-guide/vulnerabi…	self
https://msrc.microsoft.com/csaf/advisories/2026/m…	self

Acknowledgments

f7d8c52bec79e42795cf15888b85cbad

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "f7d8c52bec79e42795cf15888b85cbad"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      },
      {
        "category": "general",
        "text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
        "title": "Customer Action"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2026-35439 Microsoft SharePoint Server Remote Code Execution Vulnerability - HTML",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35439"
      },
      {
        "category": "self",
        "summary": "CVE-2026-35439 Microsoft SharePoint Server Remote Code Execution Vulnerability - CSAF",
        "url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-35439.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Exploitability Index",
        "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Microsoft SharePoint Server Remote Code Execution Vulnerability",
    "tracking": {
      "current_release_date": "2026-05-12T07:00:00.000Z",
      "generator": {
        "date": "2026-05-12T17:53:08.774Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2026-35439",
      "initial_release_date": "2026-05-12T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-05-12T07:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.0.5552.1002",
            "product": {
              "name": "Microsoft SharePoint Enterprise Server 2016 \u003c16.0.5552.1002",
              "product_id": "3"
            }
          },
          {
            "category": "product_version",
            "name": "16.0.5552.1002",
            "product": {
              "name": "Microsoft SharePoint Enterprise Server 2016 16.0.5552.1002",
              "product_id": "10950"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft SharePoint Enterprise Server 2016"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.0.10417.20128",
            "product": {
              "name": "Microsoft SharePoint Server 2019 \u003c16.0.10417.20128",
              "product_id": "2"
            }
          },
          {
            "category": "product_version",
            "name": "16.0.10417.20128",
            "product": {
              "name": "Microsoft SharePoint Server 2019 16.0.10417.20128",
              "product_id": "11585"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft SharePoint Server 2019"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.0.19725.20280",
            "product": {
              "name": "Microsoft SharePoint Server Subscription Edition \u003c16.0.19725.20280",
              "product_id": "1"
            }
          },
          {
            "category": "product_version",
            "name": "16.0.19725.20280",
            "product": {
              "name": "Microsoft SharePoint Server Subscription Edition 16.0.19725.20280",
              "product_id": "11961"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft SharePoint Server Subscription Edition"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-35439",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "general",
          "text": "Microsoft",
          "title": "Assigning CNA"
        },
        {
          "category": "faq",
          "text": "Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.",
          "title": "According to the CVSS metric, privileges required is low (PR:L).  What does that mean for this vulnerability?"
        },
        {
          "category": "faq",
          "text": "In a network-based attack, an attacker authenticated as at least a Site Owner, could write arbitrary code to inject and execute code remotely on the SharePoint Server.",
          "title": "How could an attacker exploit the vulnerability?"
        },
        {
          "category": "faq",
          "text": "Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.",
          "title": "I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?"
        }
      ],
      "product_status": {
        "fixed": [
          "10950",
          "11585",
          "11961"
        ],
        "known_affected": [
          "1",
          "2",
          "3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-35439 Microsoft SharePoint Server Remote Code Execution Vulnerability - HTML",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35439"
        },
        {
          "category": "self",
          "summary": "CVE-2026-35439 Microsoft SharePoint Server Remote Code Execution Vulnerability - CSAF",
          "url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-35439.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-12T07:00:00.000Z",
          "details": "16.0.5552.1002:Security Update:https://support.microsoft.com/help/5002868",
          "product_ids": [
            "3"
          ],
          "url": "https://support.microsoft.com/help/5002868"
        },
        {
          "category": "vendor_fix",
          "date": "2026-05-12T07:00:00.000Z",
          "details": "16.0.10417.20128:Security Update:https://support.microsoft.com/help/5002870",
          "product_ids": [
            "2"
          ],
          "url": "https://support.microsoft.com/help/5002870"
        },
        {
          "category": "vendor_fix",
          "date": "2026-05-12T07:00:00.000Z",
          "details": "16.0.19725.20280:Security Update:https://support.microsoft.com/help/5002863",
          "product_ids": [
            "1"
          ],
          "url": "https://support.microsoft.com/help/5002863"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 7.7,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Remote Code Execution"
        },
        {
          "category": "exploit_status",
          "details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely"
        }
      ],
      "title": "Microsoft SharePoint Server Remote Code Execution Vulnerability"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-35439 (GCVE-0-2026-35439)

CERTFR-2026-AVI-0588

Solutions

NCSC-2026-0144

GHSA-X84H-H468-6JPC

FKIE_CVE-2026-35439

MSRC_CVE-2026-35439

Tags

Sightings

Nomenclature