Vulnerability-Lookup

CVE-2026-26113 (GCVE-0-2026-26113)

Vulnerability from cvelistv5 – Published: 2026-03-10 17:05 – Updated: 2026-04-14 16:36

Title

Microsoft Office Remote Code Execution Vulnerability

Summary

Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.

Severity

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-822 - Untrusted Pointer Dereference

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

10 products

Vendor	Product	Version
Microsoft	Microsoft 365 Apps for Enterprise	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office 2016	Affected: 16.0.0 , < 16.0.5543.1000 (custom)
Microsoft	Microsoft Office 2019	Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC 2021	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC 2024	Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC for Mac 2021	Affected: 16.0.1 , < 16.107.26030819 (custom)
Microsoft	Microsoft Office LTSC for Mac 2024	Affected: 16.0.0 , < 16.107.26030819 (custom)
Microsoft	Microsoft SharePoint Enterprise Server 2016	Affected: 16.0.0 , < 16.0.5543.1000 (custom)
Microsoft	Microsoft SharePoint Server 2019	Affected: 16.0.0 , < 16.0.10417.20102 (custom)
Microsoft	Microsoft SharePoint Server Subscription Edition	Affected: 16.0.0 , < 16.0.19725.20076 (custom)

Date Public

2026-03-10 14:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-26113",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-05T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-11T03:55:41.436Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5543.1000",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2024",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Office LTSC for Mac 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.107.26030819",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Office LTSC for Mac 2024",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.107.26030819",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Enterprise Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5543.1000",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.10417.20102",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server Subscription Edition",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.19725.20076",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "16.0.5543.1000",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                  "versionEndExcluding": "16.0.19725.20076",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.0.10417.20102",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                  "versionEndExcluding": "16.107.26030819",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                  "versionEndExcluding": "16.107.26030819",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2016:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "16.0.5543.1000",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-03-10T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-822",
              "description": "CWE-822: Untrusted Pointer Dereference",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-14T16:36:08.605Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Office Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26113"
        }
      ],
      "title": "Microsoft Office Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-26113",
    "datePublished": "2026-03-10T17:05:04.093Z",
    "dateReserved": "2026-02-11T15:52:13.910Z",
    "dateUpdated": "2026-04-14T16:36:08.605Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-26113",
      "date": "2026-05-28",
      "epss": "0.00033",
      "percentile": "0.10223"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-26113\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2026-03-10T18:18:40.177\",\"lastModified\":\"2026-03-13T17:08:02.900\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.\"},{\"lang\":\"es\",\"value\":\"Desreferencia de puntero no confiable en Microsoft Office permite a un atacante no autorizado ejecutar c\u00f3digo localmente.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.5,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-822\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*\",\"matchCriteriaId\":\"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*\",\"matchCriteriaId\":\"CD25F492-9272-4836-832C-8439EBE64CCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"72324216-4EB3-4243-A007-FEF3133C7DF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"0FBB0E61-7997-4F26-9C07-54912D3F1C10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"CF5DDD09-902E-4881-98D0-CB896333B4AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"26A3B226-5D7C-4556-9350-5222DC8EFC2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"75F7306B-D1DA-48C2-AF87-4480E161D794\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*\",\"matchCriteriaId\":\"BF0E8112-5B6F-4E55-8E40-38ADCF6FC654\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*\",\"matchCriteriaId\":\"D31E509A-0B2E-4B41-88C4-0099E800AFE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*\",\"matchCriteriaId\":\"017A7041-BEF1-4E4E-AC8A-EFC6AFEB01FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:macos:*:*\",\"matchCriteriaId\":\"EF3E56B5-E6A6-4061-9380-D421E52B9199\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*\",\"versionEndExcluding\":\"16.0.19725.20076\",\"matchCriteriaId\":\"DD6194DB-E1C7-4206-A116-2E87C69618E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"F815EF1D-7B60-47BE-9AC2-2548F99F10E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6122D014-5BF1-4AF4-8B4D-80205ED7785E\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26113\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-26113\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-10T18:39:49.808399Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-10T18:39:50.957Z\"}}], \"cna\": {\"title\": \"Microsoft Office Remote Code Execution Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 8.4, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Microsoft 365 Apps for Enterprise\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.1\", \"lessThan\": \"https://aka.ms/OfficeSecurityReleases\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Office 2016\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"16.0.5543.1000\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Office 2019\", \"versions\": [{\"status\": \"affected\", \"version\": \"19.0.0\", \"lessThan\": \"https://aka.ms/OfficeSecurityReleases\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Office LTSC 2021\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.1\", \"lessThan\": \"https://aka.ms/OfficeSecurityReleases\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Office LTSC 2024\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"https://aka.ms/OfficeSecurityReleases\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Office LTSC for Mac 2021\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.1\", \"lessThan\": \"16.107.26030819\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Office LTSC for Mac 2024\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"16.107.26030819\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft SharePoint Enterprise Server 2016\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"16.0.5543.1000\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft SharePoint Server 2019\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"16.0.10417.20102\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft SharePoint Server Subscription Edition\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"16.0.19725.20076\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}], \"datePublic\": \"2026-03-10T14:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26113\", \"name\": \"Microsoft Office Remote Code Execution Vulnerability\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-822\", \"description\": \"CWE-822: Untrusted Pointer Dereference\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.0.5543.1000\", \"versionStartIncluding\": \"16.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.0.19725.20076\", \"versionStartIncluding\": \"16.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.0.10417.20102\", \"versionStartIncluding\": \"16.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"https://aka.ms/OfficeSecurityReleases\", \"versionStartIncluding\": \"19.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"https://aka.ms/OfficeSecurityReleases\", \"versionStartIncluding\": \"16.0.1\"}, {\"criteria\": \"cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.107.26030819\", \"versionStartIncluding\": \"16.0.1\"}, {\"criteria\": \"cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"https://aka.ms/OfficeSecurityReleases\", \"versionStartIncluding\": \"16.0.1\"}, {\"criteria\": \"cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"https://aka.ms/OfficeSecurityReleases\", \"versionStartIncluding\": \"16.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.107.26030819\", \"versionStartIncluding\": \"16.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:office_2016:*:*:*:*:*:*:x86:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.0.5543.1000\", \"versionStartIncluding\": \"16.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2026-04-14T16:36:08.605Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-26113\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-14T16:36:08.605Z\", \"dateReserved\": \"2026-02-11T15:52:13.910Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2026-03-10T17:05:04.093Z\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2026-AVI-0270

Vulnerability from certfr_avis - Published: 2026-03-11 - Updated: 2026-03-11

De multiples vulnérabilités ont été découvertes dans Microsoft Office. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Office LTSC pour Mac 2024 versions antérieures à 16.107.26030819
Microsoft	N/A	Microsoft Office LTSC 2024 pour éditions 64 bits
Microsoft	N/A	Office Online Server versions antérieures à 16.0.10417.20102
Microsoft	N/A	Microsoft Office LTSC pour Mac 2021 versions antérieures à 16.107.26030819
Microsoft	N/A	Microsoft Office LTSC 2021 pour éditions 32 bits
Microsoft	N/A	Microsoft Office 2019 pour éditions 32 bits
Microsoft	N/A	Microsoft 365 Apps pour Enterprise pour systèmes 32 bits
Microsoft	N/A	Microsoft Office 2019 pour éditions 64 bits
Microsoft	N/A	Microsoft Office LTSC 2024 pour éditions 32 bits
Microsoft	N/A	Microsoft Office pour Android versions antérieures à 16.0.19822.20000
Microsoft	N/A	Microsoft Excel 2016 (édition 32 bits) versions antérieures à 16.0.5543.1000
Microsoft	N/A	Microsoft Office LTSC 2021 pour éditions 64 bits
Microsoft	N/A	Microsoft Excel 2016 (édition 64 bits) versions antérieures à 16.0.5543.1000
Microsoft	N/A	Microsoft 365 Apps pour Enterprise pour systèmes 64 bits

References

Title

Publication Time

CERTFR-2026-AVI-0274

Vulnerability from certfr_avis - Published: 2026-03-11 - Updated: 2026-03-11

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	N/A	azl3 freetype 2.13.2-1 versions antérieures à 2.13.2-2
Microsoft	N/A	Microsoft Semantic Kernel Python SDK versions antérieures à 1.39.4
Microsoft	N/A	Microsoft SQL Server 2025 pour systèmes x64 (CU2) versions antérieures à 17.0.4020.2
Microsoft	N/A	Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 (GDR) versions antérieures à 13.0.6480.4
Microsoft	N/A	Microsoft SQL Server 2017 pour systèmes x64 (GDR) versions antérieures à 14.0.2100.4
Microsoft	N/A	Microsoft SQL Server 2017 pour systèmes x64 (CU 31) versions antérieures à 14.0.3520.4
Microsoft	N/A	Microsoft Authenticator pour Android versions antérieures à 6.2511.7533
Microsoft	N/A	Microsoft SharePoint Enterprise Server 2016 versions antérieures à 16.0.5543.1000
Microsoft	N/A	Microsoft SharePoint Server 2019 versions antérieures à 16.0.10417.20102
Microsoft	N/A	Microsoft SQL Server 2022 pour systèmes x64 (CU 23) versions antérieures à 16.0.4240.4
Microsoft	N/A	Microsoft SharePoint Server Subscription Edition versions antérieures à 16.0.19725.20076
Microsoft	N/A	System Center Operations Manager 2022 versions antérieures à 10.22.11951.0
Microsoft	N/A	cbl2 freetype 2.13.1-1 versions antérieures à 2.13.1-2
Microsoft	N/A	Microsoft Authenticator pour IOS versions antérieures à 6.8.40
Microsoft	N/A	Microsoft.Bcl.Memory 9.0 versions antérieures à 9.0.14
Microsoft	N/A	Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 Azure Connect Feature Pack versions antérieures à 13.0.7075.5
Microsoft	N/A	Microsoft SQL Server 2019 pour systèmes x64 (CU 32) versions antérieures à 15.0.4460.4
Microsoft	N/A	Microsoft.Bcl.Memory 10.0 versions antérieures à 10.0.4
Microsoft	N/A	Microsoft SQL Server 2022 pour systèmes x64 (GDR) versions antérieures à 16.0.1170.5
Microsoft	N/A	Microsoft SQL Server 2019 pour systèmes x64 (GDR) versions antérieures à 16.0.1170.5
Microsoft	N/A	Microsoft SQL Server 2025 pour systèmes x64 (GDR) versions antérieures à 17.0.1105.2
Microsoft	N/A	System Center Operations Manager 2025 versions antérieures à 10.25.10377.0
Microsoft	N/A	GitHub Repo: Zero Shot scFoundation versions antérieures à 0.1.1
Microsoft	N/A	System Center Operations Manager 2019 versions antérieures à 10.19.10658.0

References

Title

Publication Time

CNVD-2026-16159

Vulnerability from cnvd - Published: 2026-04-07

Title

Microsoft Office代码执行漏洞（CNVD-2026-16159）

Description

Microsoft Office是美国微软（Microsoft）公司的一款办公软件套件产品。该产品常用组件包括Word、Excel、Access、Powerpoint、FrontPage等。 Microsoft Office存在代码执行漏洞，攻击者可利用该漏洞执行代码。

Severity

中

Patch Name

Microsoft Office代码执行漏洞（CNVD-2026-16159）的补丁

Patch Description

Microsoft Office是美国微软（Microsoft）公司的一款办公软件套件产品。该产品常用组件包括Word、Excel、Access、Powerpoint、FrontPage等。 Microsoft Office存在代码执行漏洞，攻击者可利用该漏洞执行代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26113

Reference

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26113

Impacted products

Name
['Microsoft SharePoint Enterprise Server 2016', 'Microsoft Office 2019', 'Microsoft SharePoint Server 2019', 'Microsoft 365 Apps for Enterprise', 'Microsoft Office LTSC 2021', 'Microsoft Office LTSC for Mac 2021', 'Microsoft Microsoft Office LTSC 2024', 'Microsoft Office LTSC for Mac 2024']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2026-26113",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2026-26113"
    }
  },
  "description": "Microsoft Office\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u529e\u516c\u8f6f\u4ef6\u5957\u4ef6\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u5e38\u7528\u7ec4\u4ef6\u5305\u62ecWord\u3001Excel\u3001Access\u3001Powerpoint\u3001FrontPage\u7b49\u3002\n\nMicrosoft Office\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a \r\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26113",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-16159",
  "openTime": "2026-04-07",
  "patchDescription": "Microsoft Office\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u529e\u516c\u8f6f\u4ef6\u5957\u4ef6\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u5e38\u7528\u7ec4\u4ef6\u5305\u62ecWord\u3001Excel\u3001Access\u3001Powerpoint\u3001FrontPage\u7b49\u3002\r\n\r\nMicrosoft Office\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Office\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2026-16159\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft SharePoint Enterprise Server 2016",
      "Microsoft Office 2019",
      "Microsoft SharePoint Server 2019",
      "Microsoft 365 Apps for Enterprise",
      "Microsoft Office LTSC 2021",
      "Microsoft Office LTSC for Mac 2021",
      "Microsoft Microsoft Office LTSC 2024",
      "Microsoft Office LTSC for Mac 2024"
    ]
  },
  "referenceLink": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26113",
  "serverity": "\u4e2d",
  "submitTime": "2026-03-25",
  "title": "Microsoft Office\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2026-16159\uff09"
}

FKIE_CVE-2026-26113

Vulnerability from fkie_nvd - Published: 2026-03-10 18:18 - Updated: 2026-03-13 17:08

Severity

8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.

References

	URL	Tags
	secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26113	Vendor Advisory

Impacted products

Vendor	Product	Version
microsoft	365_apps	-
microsoft	365_apps	-
microsoft	office	2016
microsoft	office	2016
microsoft	office	2019
microsoft	office	2019
microsoft	office_long_term_servicing_channel	2021
microsoft	office_long_term_servicing_channel	2021
microsoft	office_long_term_servicing_channel	2024
microsoft	office_long_term_servicing_channel	2024
microsoft	office_long_term_servicing_channel	2024
microsoft	sharepoint_server	*
microsoft	sharepoint_server	2016
microsoft	sharepoint_server	2019

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*",
              "matchCriteriaId": "3259EBFE-AE2D-48B8-BE9A-E22BBDB31378",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*",
              "matchCriteriaId": "CD25F492-9272-4836-832C-8439EBE64CCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*",
              "matchCriteriaId": "72324216-4EB3-4243-A007-FEF3133C7DF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*",
              "matchCriteriaId": "0FBB0E61-7997-4F26-9C07-54912D3F1C10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*",
              "matchCriteriaId": "CF5DDD09-902E-4881-98D0-CB896333B4AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*",
              "matchCriteriaId": "26A3B226-5D7C-4556-9350-5222DC8EFC2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*",
              "matchCriteriaId": "75F7306B-D1DA-48C2-AF87-4480E161D794",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*",
              "matchCriteriaId": "BF0E8112-5B6F-4E55-8E40-38ADCF6FC654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*",
              "matchCriteriaId": "D31E509A-0B2E-4B41-88C4-0099E800AFE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*",
              "matchCriteriaId": "017A7041-BEF1-4E4E-AC8A-EFC6AFEB01FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:macos:*:*",
              "matchCriteriaId": "EF3E56B5-E6A6-4061-9380-D421E52B9199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
              "matchCriteriaId": "DD6194DB-E1C7-4206-A116-2E87C69618E8",
              "versionEndExcluding": "16.0.19725.20076",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "F815EF1D-7B60-47BE-9AC2-2548F99F10E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*",
              "matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally."
    },
    {
      "lang": "es",
      "value": "Desreferencia de puntero no confiable en Microsoft Office permite a un atacante no autorizado ejecutar c\u00f3digo localmente."
    }
  ],
  "id": "CVE-2026-26113",
  "lastModified": "2026-03-13T17:08:02.900",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-03-10T18:18:40.177",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26113"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-822"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-55WJ-Q5RX-5H35

Vulnerability from github – Published: 2026-03-10 18:31 – Updated: 2026-03-10 18:31

Details

Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.

Severity

8.4 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-26113"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-822"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-10T18:18:40Z",
    "severity": "HIGH"
  },
  "details": "Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.",
  "id": "GHSA-55wj-q5rx-5h35",
  "modified": "2026-03-10T18:31:21Z",
  "published": "2026-03-10T18:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26113"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26113"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

MSRC_CVE-2026-26113

Vulnerability from csaf_microsoft - Published: 2026-03-10 07:00 - Updated: 2026-03-10 07:00

Summary

Microsoft Office Remote Code Execution Vulnerability

Severity

Critical

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Customer Action: Required. The vulnerability documented by this CVE requires customer action to resolve.

CVE-2026-26113

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-822 - Untrusted Pointer Dereference

Affected products

Fixed 14 products

Product	Identifier	Version	Remediation
Microsoft Office 2016 (32-bit edition) 16.0.5543.1000 Microsoft Office 2016 (32-bit edition)		16.0.5543.1000
Microsoft Office 2016 (64-bit edition) 16.0.5543.1000 Microsoft Office 2016 (64-bit edition)		16.0.5543.1000
Microsoft SharePoint Enterprise Server 2016 16.0.5543.1000 Microsoft SharePoint Enterprise Server 2016		16.0.5543.1000
Microsoft Office 2019 for 32-bit editions https://aka.ms/OfficeSecurityReleases Microsoft Office 2019 for 32-bit editions		https://aka.ms/OfficeSecurityReleases
Microsoft Office 2019 for 64-bit editions https://aka.ms/OfficeSecurityReleases Microsoft Office 2019 for 64-bit editions		https://aka.ms/OfficeSecurityReleases
Microsoft SharePoint Server 2019 16.0.10417.20102 Microsoft SharePoint Server 2019		16.0.10417.20102
Microsoft 365 Apps for Enterprise for 32-bit Systems https://aka.ms/OfficeSecurityReleases Microsoft 365 Apps for Enterprise for 32-bit Systems		https://aka.ms/OfficeSecurityReleases
Microsoft 365 Apps for Enterprise for 64-bit Systems https://aka.ms/OfficeSecurityReleases Microsoft 365 Apps for Enterprise for 64-bit Systems		https://aka.ms/OfficeSecurityReleases
Microsoft Office LTSC for Mac 2021 16.107.26030819 Microsoft Office LTSC for Mac 2021		16.107.26030819
Microsoft Office LTSC 2021 for 64-bit editions https://aka.ms/OfficeSecurityReleases Microsoft Office LTSC 2021 for 64-bit editions		https://aka.ms/OfficeSecurityReleases
Microsoft SharePoint Server Subscription Edition 16.0.19725.20076 Microsoft SharePoint Server Subscription Edition		16.0.19725.20076
Microsoft Office LTSC 2024 for 32-bit editions https://aka.ms/OfficeSecurityReleases Microsoft Office LTSC 2024 for 32-bit editions		https://aka.ms/OfficeSecurityReleases
Microsoft Office LTSC 2024 for 64-bit editions https://aka.ms/OfficeSecurityReleases Microsoft Office LTSC 2024 for 64-bit editions		https://aka.ms/OfficeSecurityReleases
Microsoft Office LTSC for Mac 2024 16.107.26030819 Microsoft Office LTSC for Mac 2024		16.107.26030819

Known affected 14 products

Product	Version	Remediation
Microsoft Office LTSC for Mac 2024 <16.107.26030819 Microsoft Office LTSC for Mac 2024	<16.107.26030819	Vendor Fix fix
Microsoft Office LTSC 2024 for 64-bit editions <https://aka.ms/OfficeSecurityReleases Microsoft Office LTSC 2024 for 64-bit editions	<https://aka.ms/OfficeSecurityReleases	Vendor Fix fix
Microsoft Office LTSC 2024 for 32-bit editions <https://aka.ms/OfficeSecurityReleases Microsoft Office LTSC 2024 for 32-bit editions	<https://aka.ms/OfficeSecurityReleases	Vendor Fix fix
Microsoft SharePoint Server Subscription Edition <16.0.19725.20076 Microsoft SharePoint Server Subscription Edition	<16.0.19725.20076	Vendor Fix fix
Microsoft Office LTSC 2021 for 64-bit editions <https://aka.ms/OfficeSecurityReleases Microsoft Office LTSC 2021 for 64-bit editions	<https://aka.ms/OfficeSecurityReleases	Vendor Fix fix
Microsoft Office LTSC for Mac 2021 <16.107.26030819 Microsoft Office LTSC for Mac 2021	<16.107.26030819	Vendor Fix fix
Microsoft 365 Apps for Enterprise for 64-bit Systems <https://aka.ms/OfficeSecurityReleases Microsoft 365 Apps for Enterprise for 64-bit Systems	<https://aka.ms/OfficeSecurityReleases	Vendor Fix fix
Microsoft 365 Apps for Enterprise for 32-bit Systems <https://aka.ms/OfficeSecurityReleases Microsoft 365 Apps for Enterprise for 32-bit Systems	<https://aka.ms/OfficeSecurityReleases	Vendor Fix fix
Microsoft SharePoint Server 2019 <16.0.10417.20102 Microsoft SharePoint Server 2019	<16.0.10417.20102	Vendor Fix fix Vendor Fix fix
Microsoft Office 2019 for 64-bit editions <https://aka.ms/OfficeSecurityReleases Microsoft Office 2019 for 64-bit editions	<https://aka.ms/OfficeSecurityReleases	Vendor Fix fix
Microsoft Office 2019 for 32-bit editions <https://aka.ms/OfficeSecurityReleases Microsoft Office 2019 for 32-bit editions	<https://aka.ms/OfficeSecurityReleases	Vendor Fix fix
Microsoft SharePoint Enterprise Server 2016 <16.0.5543.1000 Microsoft SharePoint Enterprise Server 2016	<16.0.5543.1000	Vendor Fix fix Vendor Fix fix
Microsoft Office 2016 (64-bit edition) <16.0.5543.1000 Microsoft Office 2016 (64-bit edition)	<16.0.5543.1000	Vendor Fix fix
Microsoft Office 2016 (32-bit edition) <16.0.5543.1000 Microsoft Office 2016 (32-bit edition)	<16.0.5543.1000	Vendor Fix fix

Threats

Impact Remote Code Execution

Exploit Status Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely

References

7 references

URL	Category
https://msrc.microsoft.com/update-guide/vulnerabi…	self
https://msrc.microsoft.com/csaf/advisories/2026/m…	self
https://www.microsoft.com/en-us/msrc/exploitabili…	external
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/update-guide/vulnerabi…	self
https://msrc.microsoft.com/csaf/advisories/2026/m…	self

Acknowledgments

tiebuchen

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "tiebuchen"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      },
      {
        "category": "general",
        "text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
        "title": "Customer Action"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2026-26113 Microsoft Office Remote Code Execution Vulnerability - HTML",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26113"
      },
      {
        "category": "self",
        "summary": "CVE-2026-26113 Microsoft Office Remote Code Execution Vulnerability - CSAF",
        "url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-26113.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Exploitability Index",
        "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Microsoft Office Remote Code Execution Vulnerability",
    "tracking": {
      "current_release_date": "2026-03-10T07:00:00.000Z",
      "generator": {
        "date": "2026-03-10T17:04:32.278Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2026-26113",
      "initial_release_date": "2026-03-10T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-03-10T07:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.0.5543.1000",
            "product": {
              "name": "Microsoft SharePoint Enterprise Server 2016 \u003c16.0.5543.1000",
              "product_id": "12"
            }
          },
          {
            "category": "product_version",
            "name": "16.0.5543.1000",
            "product": {
              "name": "Microsoft SharePoint Enterprise Server 2016 16.0.5543.1000",
              "product_id": "10950"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft SharePoint Enterprise Server 2016"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.0.19725.20076",
            "product": {
              "name": "Microsoft SharePoint Server Subscription Edition \u003c16.0.19725.20076",
              "product_id": "4"
            }
          },
          {
            "category": "product_version",
            "name": "16.0.19725.20076",
            "product": {
              "name": "Microsoft SharePoint Server Subscription Edition 16.0.19725.20076",
              "product_id": "11961"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft SharePoint Server Subscription Edition"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.0.10417.20102",
            "product": {
              "name": "Microsoft SharePoint Server 2019 \u003c16.0.10417.20102",
              "product_id": "9"
            }
          },
          {
            "category": "product_version",
            "name": "16.0.10417.20102",
            "product": {
              "name": "Microsoft SharePoint Server 2019 16.0.10417.20102",
              "product_id": "11585"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft SharePoint Server 2019"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office 2019 for 32-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "11"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office 2019 for 32-bit editions https://aka.ms/OfficeSecurityReleases",
              "product_id": "11573"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office 2019 for 32-bit editions"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office 2019 for 64-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "10"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office 2019 for 64-bit editions https://aka.ms/OfficeSecurityReleases",
              "product_id": "11574"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office 2019 for 64-bit editions"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft 365 Apps for Enterprise for 32-bit Systems \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "8"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft 365 Apps for Enterprise for 32-bit Systems https://aka.ms/OfficeSecurityReleases",
              "product_id": "11762"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft 365 Apps for Enterprise for 32-bit Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft 365 Apps for Enterprise for 64-bit Systems \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "7"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft 365 Apps for Enterprise for 64-bit Systems https://aka.ms/OfficeSecurityReleases",
              "product_id": "11763"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft 365 Apps for Enterprise for 64-bit Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.107.26030819",
            "product": {
              "name": "Microsoft Office LTSC for Mac 2021 \u003c16.107.26030819",
              "product_id": "6"
            }
          },
          {
            "category": "product_version",
            "name": "16.107.26030819",
            "product": {
              "name": "Microsoft Office LTSC for Mac 2021 16.107.26030819",
              "product_id": "11951"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office LTSC for Mac 2021"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2021 for 64-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "5"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2021 for 64-bit editions https://aka.ms/OfficeSecurityReleases",
              "product_id": "11952"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office LTSC 2021 for 64-bit editions"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2024 for 32-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "3"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2024 for 32-bit editions https://aka.ms/OfficeSecurityReleases",
              "product_id": "12420"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office LTSC 2024 for 32-bit editions"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2024 for 64-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "2"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2024 for 64-bit editions https://aka.ms/OfficeSecurityReleases",
              "product_id": "12421"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office LTSC 2024 for 64-bit editions"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.107.26030819",
            "product": {
              "name": "Microsoft Office LTSC for Mac 2024 \u003c16.107.26030819",
              "product_id": "1"
            }
          },
          {
            "category": "product_version",
            "name": "16.107.26030819",
            "product": {
              "name": "Microsoft Office LTSC for Mac 2024 16.107.26030819",
              "product_id": "12440"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office LTSC for Mac 2024"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.0.5543.1000",
            "product": {
              "name": "Microsoft Office 2016 (32-bit edition) \u003c16.0.5543.1000",
              "product_id": "14"
            }
          },
          {
            "category": "product_version",
            "name": "16.0.5543.1000",
            "product": {
              "name": "Microsoft Office 2016 (32-bit edition) 16.0.5543.1000",
              "product_id": "10753"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office 2016 (32-bit edition)"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.0.5543.1000",
            "product": {
              "name": "Microsoft Office 2016 (64-bit edition) \u003c16.0.5543.1000",
              "product_id": "13"
            }
          },
          {
            "category": "product_version",
            "name": "16.0.5543.1000",
            "product": {
              "name": "Microsoft Office 2016 (64-bit edition) 16.0.5543.1000",
              "product_id": "10754"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office 2016 (64-bit edition)"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-26113",
      "cwe": {
        "id": "CWE-822",
        "name": "Untrusted Pointer Dereference"
      },
      "notes": [
        {
          "category": "general",
          "text": "Microsoft",
          "title": "Assigning CNA"
        },
        {
          "category": "faq",
          "text": "The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.",
          "title": "According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?"
        },
        {
          "category": "faq",
          "text": "Yes, the Preview Pane is an attack vector.",
          "title": "Is the Preview Pane an attack vector for this vulnerability?"
        },
        {
          "category": "faq",
          "text": "Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.",
          "title": "There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?"
        }
      ],
      "product_status": {
        "fixed": [
          "10753",
          "10754",
          "10950",
          "11573",
          "11574",
          "11585",
          "11762",
          "11763",
          "11951",
          "11952",
          "11961",
          "12420",
          "12421",
          "12440"
        ],
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11",
          "12",
          "13",
          "14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-26113 Microsoft Office Remote Code Execution Vulnerability - HTML",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26113"
        },
        {
          "category": "self",
          "summary": "CVE-2026-26113 Microsoft Office Remote Code Execution Vulnerability - CSAF",
          "url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-26113.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-10T07:00:00.000Z",
          "details": "16.0.5543.1000:Security Update:https://support.microsoft.com/help/5002850",
          "product_ids": [
            "12"
          ],
          "url": "https://support.microsoft.com/help/5002850"
        },
        {
          "category": "vendor_fix",
          "date": "2026-03-10T07:00:00.000Z",
          "details": "16.0.5543.1000:Security Update:https://support.microsoft.com/help/5002851",
          "product_ids": [
            "12"
          ],
          "url": "https://support.microsoft.com/help/5002851"
        },
        {
          "category": "vendor_fix",
          "date": "2026-03-10T07:00:00.000Z",
          "details": "16.0.19725.20076:Security Update:https://support.microsoft.com/help/5002843",
          "product_ids": [
            "4"
          ],
          "url": "https://support.microsoft.com/help/5002843"
        },
        {
          "category": "vendor_fix",
          "date": "2026-03-10T07:00:00.000Z",
          "details": "16.0.10417.20102:Security Update:https://support.microsoft.com/help/5002845",
          "product_ids": [
            "9"
          ],
          "url": "https://support.microsoft.com/help/5002845"
        },
        {
          "category": "vendor_fix",
          "date": "2026-03-10T07:00:00.000Z",
          "details": "16.0.10417.20102:Security Update:https://support.microsoft.com/help/5002847",
          "product_ids": [
            "9"
          ],
          "url": "https://support.microsoft.com/help/5002847"
        },
        {
          "category": "vendor_fix",
          "date": "2026-03-10T07:00:00.000Z",
          "details": "https://aka.ms/OfficeSecurityReleases:Security Update:https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates",
          "product_ids": [
            "11",
            "10",
            "8",
            "7",
            "5",
            "3",
            "2"
          ],
          "url": "https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates"
        },
        {
          "category": "vendor_fix",
          "date": "2026-03-10T07:00:00.000Z",
          "details": "16.107.26030819:Security Update:https://go.microsoft.com/fwlink/p/?linkid=831049",
          "product_ids": [
            "6",
            "1"
          ],
          "url": "https://go.microsoft.com/fwlink/p/?linkid=831049"
        },
        {
          "category": "vendor_fix",
          "date": "2026-03-10T07:00:00.000Z",
          "details": "16.0.5543.1000:Security Update:https://support.microsoft.com/help/5002848",
          "product_ids": [
            "14",
            "13"
          ],
          "url": "https://support.microsoft.com/help/5002848"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 7.3,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Remote Code Execution"
        },
        {
          "category": "exploit_status",
          "details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely"
        }
      ],
      "title": "Microsoft Office Remote Code Execution Vulnerability"
    }
  ]
}

NCSC-2026-0084

Vulnerability from csaf_ncscnl - Published: 2026-03-10 20:20 - Updated: 2026-03-10 20:20

Summary

Kwetsbaarheden verholpen in Microsoft Office

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: Microsoft heeft kwetsbaarheden verholpen in diverse Office producten.

Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om zich voor te doen als een andere gebruiker, zich verhoogde rechten toe te kennen en/of willekeurige code uit te voeren en mogelijk toegang te krijgen tot gevoelige gegevens in de context van het slachtoffer. Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malfide document te openen, of link te volgen. ``` Microsoft Office Excel: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-26112 | 7.80 | Uitvoeren van willekeurige code | | CVE-2026-26107 | 7.80 | Uitvoeren van willekeurige code | | CVE-2026-26108 | 7.80 | Uitvoeren van willekeurige code | | CVE-2026-26109 | 8.40 | Uitvoeren van willekeurige code | | CVE-2026-26144 | 7.50 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Microsoft Office: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-26113 | 8.40 | Uitvoeren van willekeurige code | | CVE-2026-26134 | 7.80 | Verkrijgen van verhoogde rechten | | CVE-2026-26110 | 8.40 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Microsoft Office SharePoint: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-26105 | 8.10 | Voordoen als andere gebruiker | | CVE-2026-26114 | 8.80 | Uitvoeren van willekeurige code | | CVE-2026-26106 | 8.80 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| ```

Oplossingen: Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op: https://portal.msrc.microsoft.com/en-us/security-guidance

Kans: medium

Schade: high

CWE-20: Improper Input Validation

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-122: Heap-based Buffer Overflow

CWE-125: Out-of-bounds Read

CWE-190: Integer Overflow or Wraparound

CWE-416: Use After Free

CWE-502: Deserialization of Untrusted Data

CWE-822: Untrusted Pointer Dereference

CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CVE-2026-26105

A cross-site scripting vulnerability in Microsoft Office SharePoint caused by improper input neutralization allows unauthorized attackers to perform network spoofing.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Known affected 19 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-26113

An untrusted pointer dereference vulnerability in Microsoft Office allows unauthorized local code execution, posing a significant security risk.

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-822 - Untrusted Pointer Dereference

Affected products

Known affected 19 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-26114

A deserialization vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code over a network by processing untrusted data.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-502 - Deserialization of Untrusted Data

Affected products

Known affected 19 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-26106

An improper input validation vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code on the affected system.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 19 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-26112

A vulnerability in Microsoft Office Excel allows untrusted pointer dereference, enabling unauthorized attackers to execute code locally.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-822 - Untrusted Pointer Dereference

Affected products

Known affected 19 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-26107

A vulnerability in Microsoft Office Excel, termed 'use after free,' allows unauthorized attackers to execute code locally on affected systems.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 19 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-26108

A heap-based buffer overflow vulnerability in Microsoft Office Excel allows unauthorized attackers to execute code locally.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 19 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-26109

An out-of-bounds read vulnerability in Microsoft Office Excel allows an unauthorized attacker to execute code locally, posing a significant security risk.

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-125 - Out-of-bounds Read

Affected products

Known affected 19 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-26110

A type confusion vulnerability in Microsoft Office allows unauthorized local code execution, posing a significant security risk.

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Affected products

Known affected 19 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-26144

A cross-site scripting vulnerability in Microsoft Office Excel caused by improper input neutralization during web page generation allows unauthorized attackers to disclose information over a network.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Known affected 19 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

CVE-2026-26134

An integer overflow or wraparound vulnerability in Microsoft Office allows an authorized local attacker to elevate privileges on the affected system.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-190 - Integer Overflow or Wraparound

Affected products

Known affected 19 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office for Android		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*

References

11 references

URL	Category
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Microsoft heeft kwetsbaarheden verholpen in diverse Office producten.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om zich voor te doen als een andere gebruiker, zich verhoogde rechten toe te kennen en/of willekeurige code uit te voeren en mogelijk toegang te krijgen tot gevoelige gegevens in de context van het slachtoffer.\n\nVoor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malfide document te openen, of link te volgen.\n\n```\nMicrosoft Office Excel: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-26112 | 7.80 | Uitvoeren van willekeurige code     | \n| CVE-2026-26107 | 7.80 | Uitvoeren van willekeurige code     | \n| CVE-2026-26108 | 7.80 | Uitvoeren van willekeurige code     | \n| CVE-2026-26109 | 8.40 | Uitvoeren van willekeurige code     | \n| CVE-2026-26144 | 7.50 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-26113 | 8.40 | Uitvoeren van willekeurige code     | \n| CVE-2026-26134 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-26110 | 8.40 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office SharePoint: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-26105 | 8.10 | Voordoen als andere gebruiker       | \n| CVE-2026-26114 | 8.80 | Uitvoeren van willekeurige code     | \n| CVE-2026-26106 | 8.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n```",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
        "title": "CWE-79"
      },
      {
        "category": "general",
        "text": "Heap-based Buffer Overflow",
        "title": "CWE-122"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Integer Overflow or Wraparound",
        "title": "CWE-190"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "Deserialization of Untrusted Data",
        "title": "CWE-502"
      },
      {
        "category": "general",
        "text": "Untrusted Pointer Dereference",
        "title": "CWE-822"
      },
      {
        "category": "general",
        "text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
        "title": "CWE-843"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "title": "Kwetsbaarheden verholpen in Microsoft Office",
    "tracking": {
      "current_release_date": "2026-03-10T20:20:08.157658Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2026-0084",
      "initial_release_date": "2026-03-10T20:20:08.157658Z",
      "revision_history": [
        {
          "date": "2026-03-10T20:20:08.157658Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft 365 Apps for Enterprise for 32-bit Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft 365 Apps for Enterprise for 64-bit Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Excel 2016 (32-bit edition)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-4"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Excel 2016 (64-bit edition)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-5"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office 2016 (32-bit edition)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-6"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office 2016 (64-bit edition)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-7"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office 2019 for 32-bit editions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-8"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office 2019 for 64-bit editions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-9"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC 2021 for 32-bit editions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-10"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC 2021 for 64-bit editions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-11"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC 2024 for 32-bit editions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-12"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC 2024 for 64-bit editions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-13"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC for Mac 2021"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-14"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC for Mac 2024"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-15"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office for Android"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-16"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft SharePoint Enterprise Server 2016"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-17"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft SharePoint Server 2019"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-18"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft SharePoint Server Subscription Edition"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-19"
                }
              }
            ],
            "category": "product_name",
            "name": "Office Online Server"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-26105",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        },
        {
          "category": "description",
          "text": "A cross-site scripting vulnerability in Microsoft Office SharePoint caused by improper input neutralization allows unauthorized attackers to perform network spoofing.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-26105 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26105.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19"
          ]
        }
      ],
      "title": "CVE-2026-26105"
    },
    {
      "cve": "CVE-2026-26113",
      "cwe": {
        "id": "CWE-822",
        "name": "Untrusted Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "Untrusted Pointer Dereference",
          "title": "CWE-822"
        },
        {
          "category": "description",
          "text": "An untrusted pointer dereference vulnerability in Microsoft Office allows unauthorized local code execution, posing a significant security risk.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-26113 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26113.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19"
          ]
        }
      ],
      "title": "CVE-2026-26113"
    },
    {
      "cve": "CVE-2026-26114",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        },
        {
          "category": "description",
          "text": "A deserialization vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code over a network by processing untrusted data.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-26114 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26114.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19"
          ]
        }
      ],
      "title": "CVE-2026-26114"
    },
    {
      "cve": "CVE-2026-26106",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "description",
          "text": "An improper input validation vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code on the affected system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-26106 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26106.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19"
          ]
        }
      ],
      "title": "CVE-2026-26106"
    },
    {
      "cve": "CVE-2026-26112",
      "cwe": {
        "id": "CWE-822",
        "name": "Untrusted Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "Untrusted Pointer Dereference",
          "title": "CWE-822"
        },
        {
          "category": "description",
          "text": "A vulnerability in Microsoft Office Excel allows untrusted pointer dereference, enabling unauthorized attackers to execute code locally.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-26112 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26112.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19"
          ]
        }
      ],
      "title": "CVE-2026-26112"
    },
    {
      "cve": "CVE-2026-26107",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A vulnerability in Microsoft Office Excel, termed \u0027use after free,\u0027 allows unauthorized attackers to execute code locally on affected systems.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-26107 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26107.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19"
          ]
        }
      ],
      "title": "CVE-2026-26107"
    },
    {
      "cve": "CVE-2026-26108",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "description",
          "text": "A heap-based buffer overflow vulnerability in Microsoft Office Excel allows unauthorized attackers to execute code locally.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-26108 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26108.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19"
          ]
        }
      ],
      "title": "CVE-2026-26108"
    },
    {
      "cve": "CVE-2026-26109",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "An out-of-bounds read vulnerability in Microsoft Office Excel allows an unauthorized attacker to execute code locally, posing a significant security risk.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-26109 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26109.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19"
          ]
        }
      ],
      "title": "CVE-2026-26109"
    },
    {
      "cve": "CVE-2026-26110",
      "cwe": {
        "id": "CWE-843",
        "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
          "title": "CWE-843"
        },
        {
          "category": "description",
          "text": "A type confusion vulnerability in Microsoft Office allows unauthorized local code execution, posing a significant security risk.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-26110 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26110.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19"
          ]
        }
      ],
      "title": "CVE-2026-26110"
    },
    {
      "cve": "CVE-2026-26144",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        },
        {
          "category": "description",
          "text": "A cross-site scripting vulnerability in Microsoft Office Excel caused by improper input neutralization during web page generation allows unauthorized attackers to disclose information over a network.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-26144 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26144.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19"
          ]
        }
      ],
      "title": "CVE-2026-26144"
    },
    {
      "cve": "CVE-2026-26134",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "other",
          "text": "Integer Overflow or Wraparound",
          "title": "CWE-190"
        },
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "An integer overflow or wraparound vulnerability in Microsoft Office allows an authorized local attacker to elevate privileges on the affected system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-26134 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26134.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19"
          ]
        }
      ],
      "title": "CVE-2026-26134"
    }
  ]
}

WID-SEC-W-2026-0659

Vulnerability from csaf_certbund - Published: 2026-03-10 23:00 - Updated: 2026-03-10 23:00

Summary

Microsoft Office und SharePoint Produkte: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Die Microsoft Office Suite beinhaltet zahlreiche Büroanwendungen wie Textverarbeitung, Tabellenkalkulation, Datenbank und weitere Applikationen. Microsoft Office Online Server ist ein Serverprodukt, das browserbasierte Versionen von Word, PowerPoint, Excel und OneNote bereitstellt. Microsoft Sharepoint ist ein Portalsystem für die zentrale Verwaltung von Dokumenten und Anwendungen. Die Inhalte werden u. a. über Webseiten zur Verfügung gestellt. Microsoft 365 Apps ist eine Office Suite für zahlreiche Büroanwendungen.

Angriff: Ein Angreifer kann mehrere Schwachstellen in verschiedenen Microsoft Office und SharePoint Produkten ausnutzen, um beliebigen Programmcode auszuführen, um falsche Informationen darzustellen, um Informationen offenzulegen, und um seine Privilegien zu erhöhen.

Betroffene Betriebssysteme: - Android - MacOS X - Windows

CVE-2026-24285

Affected products

Known affected 13 products

Product	Identifier	Version
Microsoft Excel 2016 Microsoft / Excel	`cpe:/a:microsoft:excel:2016`	2016
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	for Android
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office 2016 Microsoft / Office	`cpe:/a:microsoft:office:2016`	2016
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024
Microsoft Office 2019 Microsoft / Office	`cpe:/a:microsoft:office:2019`	2019

CVE-2026-25180

Affected products

Known affected 13 products

Product	Identifier	Version
Microsoft Excel 2016 Microsoft / Excel	`cpe:/a:microsoft:excel:2016`	2016
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	for Android
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office 2016 Microsoft / Office	`cpe:/a:microsoft:office:2016`	2016
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024
Microsoft Office 2019 Microsoft / Office	`cpe:/a:microsoft:office:2019`	2019

CVE-2026-26105

Affected products

Known affected 13 products

Product	Identifier	Version
Microsoft Excel 2016 Microsoft / Excel	`cpe:/a:microsoft:excel:2016`	2016
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	for Android
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office 2016 Microsoft / Office	`cpe:/a:microsoft:office:2016`	2016
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024
Microsoft Office 2019 Microsoft / Office	`cpe:/a:microsoft:office:2019`	2019

CVE-2026-26106

Affected products

Known affected 13 products

Product	Identifier	Version
Microsoft Excel 2016 Microsoft / Excel	`cpe:/a:microsoft:excel:2016`	2016
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	for Android
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office 2016 Microsoft / Office	`cpe:/a:microsoft:office:2016`	2016
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024
Microsoft Office 2019 Microsoft / Office	`cpe:/a:microsoft:office:2019`	2019

CVE-2026-26107

Affected products

Known affected 13 products

Product	Identifier	Version
Microsoft Excel 2016 Microsoft / Excel	`cpe:/a:microsoft:excel:2016`	2016
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	for Android
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office 2016 Microsoft / Office	`cpe:/a:microsoft:office:2016`	2016
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024
Microsoft Office 2019 Microsoft / Office	`cpe:/a:microsoft:office:2019`	2019

CVE-2026-26108

Affected products

Known affected 13 products

Product	Identifier	Version
Microsoft Excel 2016 Microsoft / Excel	`cpe:/a:microsoft:excel:2016`	2016
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	for Android
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office 2016 Microsoft / Office	`cpe:/a:microsoft:office:2016`	2016
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024
Microsoft Office 2019 Microsoft / Office	`cpe:/a:microsoft:office:2019`	2019

CVE-2026-26109

Affected products

Known affected 13 products

Product	Identifier	Version
Microsoft Excel 2016 Microsoft / Excel	`cpe:/a:microsoft:excel:2016`	2016
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	for Android
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office 2016 Microsoft / Office	`cpe:/a:microsoft:office:2016`	2016
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024
Microsoft Office 2019 Microsoft / Office	`cpe:/a:microsoft:office:2019`	2019

CVE-2026-26110

Affected products

Known affected 13 products

Product	Identifier	Version
Microsoft Excel 2016 Microsoft / Excel	`cpe:/a:microsoft:excel:2016`	2016
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	for Android
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office 2016 Microsoft / Office	`cpe:/a:microsoft:office:2016`	2016
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024
Microsoft Office 2019 Microsoft / Office	`cpe:/a:microsoft:office:2019`	2019

CVE-2026-26112

Affected products

Known affected 13 products

Product	Identifier	Version
Microsoft Excel 2016 Microsoft / Excel	`cpe:/a:microsoft:excel:2016`	2016
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	for Android
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office 2016 Microsoft / Office	`cpe:/a:microsoft:office:2016`	2016
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024
Microsoft Office 2019 Microsoft / Office	`cpe:/a:microsoft:office:2019`	2019

CVE-2026-26113

Affected products

Known affected 13 products

Product	Identifier	Version
Microsoft Excel 2016 Microsoft / Excel	`cpe:/a:microsoft:excel:2016`	2016
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	for Android
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office 2016 Microsoft / Office	`cpe:/a:microsoft:office:2016`	2016
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024
Microsoft Office 2019 Microsoft / Office	`cpe:/a:microsoft:office:2019`	2019

CVE-2026-26114

Affected products

Known affected 13 products

Product	Identifier	Version
Microsoft Excel 2016 Microsoft / Excel	`cpe:/a:microsoft:excel:2016`	2016
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	for Android
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office 2016 Microsoft / Office	`cpe:/a:microsoft:office:2016`	2016
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024
Microsoft Office 2019 Microsoft / Office	`cpe:/a:microsoft:office:2019`	2019

CVE-2026-26134

Affected products

Known affected 13 products

Product	Identifier	Version
Microsoft Excel 2016 Microsoft / Excel	`cpe:/a:microsoft:excel:2016`	2016
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	for Android
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office 2016 Microsoft / Office	`cpe:/a:microsoft:office:2016`	2016
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024
Microsoft Office 2019 Microsoft / Office	`cpe:/a:microsoft:office:2019`	2019

CVE-2026-26144

Affected products

Known affected 13 products

Product	Identifier	Version
Microsoft Excel 2016 Microsoft / Excel	`cpe:/a:microsoft:excel:2016`	2016
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	for Android
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office 2016 Microsoft / Office	`cpe:/a:microsoft:office:2016`	2016
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024
Microsoft Office 2019 Microsoft / Office	`cpe:/a:microsoft:office:2019`	2019

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://msrc.microsoft.com/update-guide/	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die Microsoft Office Suite beinhaltet zahlreiche B\u00fcroanwendungen wie Textverarbeitung, Tabellenkalkulation, Datenbank und weitere Applikationen.\r\nMicrosoft Office Online Server ist ein Serverprodukt, das browserbasierte Versionen von Word, PowerPoint, Excel und OneNote bereitstellt. \r\nMicrosoft Sharepoint ist ein Portalsystem f\u00fcr die zentrale Verwaltung von Dokumenten und Anwendungen. Die Inhalte werden u. a. \u00fcber Webseiten zur Verf\u00fcgung gestellt.\r\nMicrosoft 365 Apps ist eine Office Suite f\u00fcr zahlreiche B\u00fcroanwendungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in verschiedenen Microsoft Office und SharePoint Produkten ausnutzen, um beliebigen Programmcode auszuf\u00fchren, um falsche Informationen darzustellen, um Informationen offenzulegen, und um seine Privilegien zu erh\u00f6hen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Android\n- MacOS X\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0659 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0659.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0659 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0659"
      },
      {
        "category": "external",
        "summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates",
        "url": "https://msrc.microsoft.com/update-guide/"
      }
    ],
    "source_lang": "en-US",
    "title": "Microsoft Office und SharePoint Produkte: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-03-10T23:00:00.000+00:00",
      "generator": {
        "date": "2026-03-11T07:46:30.707+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0659",
      "initial_release_date": "2026-03-10T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-03-10T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Microsoft 365 Apps",
            "product": {
              "name": "Microsoft 365 Apps",
              "product_id": "T050753",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:365_apps:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2016",
                "product": {
                  "name": "Microsoft Excel 2016",
                  "product_id": "318577",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:excel:2016"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Excel"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2019",
                "product": {
                  "name": "Microsoft Office 2019",
                  "product_id": "902302",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:2019"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "for Android",
                "product": {
                  "name": "Microsoft Office for Android",
                  "product_id": "T043649",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:for_android"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "LTSC for Mac 2021",
                "product": {
                  "name": "Microsoft Office LTSC for Mac 2021",
                  "product_id": "T050754",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:ltsc_for_mac_2021"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "LTSC 2021",
                "product": {
                  "name": "Microsoft Office LTSC 2021",
                  "product_id": "T050755",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:ltsc_2021"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "LTSC 2024",
                "product": {
                  "name": "Microsoft Office LTSC 2024",
                  "product_id": "T050757",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:ltsc_2024"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "LTSC for Mac 2024",
                "product": {
                  "name": "Microsoft Office LTSC for Mac 2024",
                  "product_id": "T050758",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:ltsc_for_mac_2024"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "2016",
                "product": {
                  "name": "Microsoft Office 2016",
                  "product_id": "T051516",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:2016"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Office"
          },
          {
            "category": "product_name",
            "name": "Microsoft Office Online Server",
            "product": {
              "name": "Microsoft Office Online Server",
              "product_id": "T050749",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:office_online_server:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Enterprise Server 2016",
                "product": {
                  "name": "Microsoft SharePoint Enterprise Server 2016",
                  "product_id": "T050750",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:sharepoint:enterprise_server_2016"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Server Subscription Edition",
                "product": {
                  "name": "Microsoft SharePoint Server Subscription Edition",
                  "product_id": "T050756",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:sharepoint:server_subscription_edition"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SharePoint"
          },
          {
            "category": "product_name",
            "name": "Microsoft SharePoint Server 2019",
            "product": {
              "name": "Microsoft SharePoint Server 2019",
              "product_id": "T050752",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:sharepoint_server_2019:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-24285",
      "product_status": {
        "known_affected": [
          "318577",
          "T043649",
          "T050752",
          "T050754",
          "T050753",
          "T050750",
          "T050749",
          "T050756",
          "T051516",
          "T050755",
          "T050758",
          "T050757",
          "902302"
        ]
      },
      "release_date": "2026-03-10T23:00:00.000+00:00",
      "title": "CVE-2026-24285"
    },
    {
      "cve": "CVE-2026-25180",
      "product_status": {
        "known_affected": [
          "318577",
          "T043649",
          "T050752",
          "T050754",
          "T050753",
          "T050750",
          "T050749",
          "T050756",
          "T051516",
          "T050755",
          "T050758",
          "T050757",
          "902302"
        ]
      },
      "release_date": "2026-03-10T23:00:00.000+00:00",
      "title": "CVE-2026-25180"
    },
    {
      "cve": "CVE-2026-26105",
      "product_status": {
        "known_affected": [
          "318577",
          "T043649",
          "T050752",
          "T050754",
          "T050753",
          "T050750",
          "T050749",
          "T050756",
          "T051516",
          "T050755",
          "T050758",
          "T050757",
          "902302"
        ]
      },
      "release_date": "2026-03-10T23:00:00.000+00:00",
      "title": "CVE-2026-26105"
    },
    {
      "cve": "CVE-2026-26106",
      "product_status": {
        "known_affected": [
          "318577",
          "T043649",
          "T050752",
          "T050754",
          "T050753",
          "T050750",
          "T050749",
          "T050756",
          "T051516",
          "T050755",
          "T050758",
          "T050757",
          "902302"
        ]
      },
      "release_date": "2026-03-10T23:00:00.000+00:00",
      "title": "CVE-2026-26106"
    },
    {
      "cve": "CVE-2026-26107",
      "product_status": {
        "known_affected": [
          "318577",
          "T043649",
          "T050752",
          "T050754",
          "T050753",
          "T050750",
          "T050749",
          "T050756",
          "T051516",
          "T050755",
          "T050758",
          "T050757",
          "902302"
        ]
      },
      "release_date": "2026-03-10T23:00:00.000+00:00",
      "title": "CVE-2026-26107"
    },
    {
      "cve": "CVE-2026-26108",
      "product_status": {
        "known_affected": [
          "318577",
          "T043649",
          "T050752",
          "T050754",
          "T050753",
          "T050750",
          "T050749",
          "T050756",
          "T051516",
          "T050755",
          "T050758",
          "T050757",
          "902302"
        ]
      },
      "release_date": "2026-03-10T23:00:00.000+00:00",
      "title": "CVE-2026-26108"
    },
    {
      "cve": "CVE-2026-26109",
      "product_status": {
        "known_affected": [
          "318577",
          "T043649",
          "T050752",
          "T050754",
          "T050753",
          "T050750",
          "T050749",
          "T050756",
          "T051516",
          "T050755",
          "T050758",
          "T050757",
          "902302"
        ]
      },
      "release_date": "2026-03-10T23:00:00.000+00:00",
      "title": "CVE-2026-26109"
    },
    {
      "cve": "CVE-2026-26110",
      "product_status": {
        "known_affected": [
          "318577",
          "T043649",
          "T050752",
          "T050754",
          "T050753",
          "T050750",
          "T050749",
          "T050756",
          "T051516",
          "T050755",
          "T050758",
          "T050757",
          "902302"
        ]
      },
      "release_date": "2026-03-10T23:00:00.000+00:00",
      "title": "CVE-2026-26110"
    },
    {
      "cve": "CVE-2026-26112",
      "product_status": {
        "known_affected": [
          "318577",
          "T043649",
          "T050752",
          "T050754",
          "T050753",
          "T050750",
          "T050749",
          "T050756",
          "T051516",
          "T050755",
          "T050758",
          "T050757",
          "902302"
        ]
      },
      "release_date": "2026-03-10T23:00:00.000+00:00",
      "title": "CVE-2026-26112"
    },
    {
      "cve": "CVE-2026-26113",
      "product_status": {
        "known_affected": [
          "318577",
          "T043649",
          "T050752",
          "T050754",
          "T050753",
          "T050750",
          "T050749",
          "T050756",
          "T051516",
          "T050755",
          "T050758",
          "T050757",
          "902302"
        ]
      },
      "release_date": "2026-03-10T23:00:00.000+00:00",
      "title": "CVE-2026-26113"
    },
    {
      "cve": "CVE-2026-26114",
      "product_status": {
        "known_affected": [
          "318577",
          "T043649",
          "T050752",
          "T050754",
          "T050753",
          "T050750",
          "T050749",
          "T050756",
          "T051516",
          "T050755",
          "T050758",
          "T050757",
          "902302"
        ]
      },
      "release_date": "2026-03-10T23:00:00.000+00:00",
      "title": "CVE-2026-26114"
    },
    {
      "cve": "CVE-2026-26134",
      "product_status": {
        "known_affected": [
          "318577",
          "T043649",
          "T050752",
          "T050754",
          "T050753",
          "T050750",
          "T050749",
          "T050756",
          "T051516",
          "T050755",
          "T050758",
          "T050757",
          "902302"
        ]
      },
      "release_date": "2026-03-10T23:00:00.000+00:00",
      "title": "CVE-2026-26134"
    },
    {
      "cve": "CVE-2026-26144",
      "product_status": {
        "known_affected": [
          "318577",
          "T043649",
          "T050752",
          "T050754",
          "T050753",
          "T050750",
          "T050749",
          "T050756",
          "T051516",
          "T050755",
          "T050758",
          "T050757",
          "902302"
        ]
      },
      "release_date": "2026-03-10T23:00:00.000+00:00",
      "title": "CVE-2026-26144"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-26113 (GCVE-0-2026-26113)

Solutions

Solutions

Tags

Sightings

Nomenclature