Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-32201 (GCVE-0-2026-32201)
Vulnerability from cvelistv5 – Published: 2026-04-14 16:58 – Updated: 2026-06-19 16:08Title
Microsoft SharePoint Server Spoofing Vulnerability
Summary
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
Severity
SSVC
Exploitation: active
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Affected:
16.0.0 , < 16.0.5548.1003
(custom)
|
|
| Microsoft | Microsoft SharePoint Server 2019 |
Affected:
16.0.0 , < 16.0.10417.20114
(custom)
|
|
| Microsoft | Microsoft SharePoint Server Subscription Edition |
Affected:
16.0.0 , < 16.0.19725.20210
(custom)
|
Date Public
2026-04-14 14:00
CISA KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 6900f11f-52e4-4aca-ba00-96d6ca32b39a
Exploited: Yes
Timestamps
First Seen: 2026-04-14
Asserted: 2026-04-14
Scope
Notes: KEV entry: Microsoft SharePoint Server Improper Input Validation Vulnerability | Affected: Microsoft / SharePoint Server | Description: Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-04-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32201 ; https://nvd.nist.gov/vuln/detail/CVE-2026-32201
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Cwes | CWE-20 |
|---|---|
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | SharePoint Server |
| Due Date | 2026-04-28 |
| Date Added | 2026-04-14 |
| Vendorproject | Microsoft |
| Vulnerabilityname | Microsoft SharePoint Server Improper Input Validation Vulnerability |
| Knownransomwarecampaignuse | Unknown |
References
Created: 2026-04-14 18:00 UTC
| Updated: 2026-04-14 18:00 UTC
KEVintel KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: c756faa3-4da9-4385-a9a9-0c143cf49501
Exploited: Yes
Timestamps
First Seen: 2026-06-01
Asserted: 2026-06-01
Scope
Notes: KEVIntel entry: Microsoft SharePoint Server Spoofing Vulnerability | Affected: Microsoft / Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition | CVSS: 6.5 (MEDIUM) | EPSS: 0.24172 | Used in malware: unknown | Not yet in CISA KEV: False
Evidence
Type: Public Report
Signal: Successful Exploitation
Confidence: 70%
Source: kevintel
Details
| Feed | KEVIntel (kevintel.com) |
|---|---|
| Title | Microsoft SharePoint Server Spoofing Vulnerability |
| Vendor | Microsoft |
| Product | Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition |
| Added Date | 2026-06-01T13:07:19.548Z |
| Cvss Score | 6.5 |
| Epss Score | 0.24172 |
| Cvss Severity | MEDIUM |
| Epss Percentile | 0.97571 |
| Used In Malware | unknown |
| Ahead Of Cisa Kev |
|
| Not Yet In Cisa Kev | False |
References
Created: 2026-06-19 12:45 UTC
| Updated: 2026-06-19 12:45 UTC
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32201",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-09T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-04-14",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T03:55:16.734Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Enterprise Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.5548.1003",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.10417.20114",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Server Subscription Edition",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.19725.20210",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "16.0.5548.1003",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.10417.20114",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
"versionEndExcluding": "16.0.19725.20210",
"versionStartIncluding": "16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-04-14T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-19T16:08:51.311Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft SharePoint Server Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201"
}
],
"title": "Microsoft SharePoint Server Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-32201",
"datePublished": "2026-04-14T16:58:36.981Z",
"dateReserved": "2026-03-11T01:49:58.658Z",
"dateUpdated": "2026-06-19T16:08:51.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2026-32201",
"cwes": "[\"CWE-20\"]",
"dateAdded": "2026-04-14",
"dueDate": "2026-04-28",
"knownRansomwareCampaignUse": "Unknown",
"notes": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32201 ; https://nvd.nist.gov/vuln/detail/CVE-2026-32201",
"product": "SharePoint Server",
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"shortDescription": "Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network.",
"vendorProject": "Microsoft",
"vulnerabilityName": "Microsoft SharePoint Server Improper Input Validation Vulnerability"
},
"epss": {
"cve": "CVE-2026-32201",
"date": "2026-06-20",
"epss": "0.24172",
"percentile": "0.97568"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-32201\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2026-04-14T18:17:27.160\",\"lastModified\":\"2026-05-28T14:27:53.370\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}]},\"cisaExploitAdd\":\"2026-04-14\",\"cisaActionDue\":\"2026-04-28\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Microsoft SharePoint Server Improper Input Validation Vulnerability\",\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*\",\"versionEndExcluding\":\"16.0.19725.20210\",\"matchCriteriaId\":\"5CA92EAC-72F0-43F4-A8E0-FA40C57AEF01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"F815EF1D-7B60-47BE-9AC2-2548F99F10E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6122D014-5BF1-4AF4-8B4D-80205ED7785E\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-32201\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-15T09:37:39.308837Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2026-04-14\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201\"}}}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-14T17:26:37.680Z\"}}], \"cna\": {\"title\": \"Microsoft SharePoint Server Spoofing Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Microsoft SharePoint Enterprise Server 2016\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"16.0.5548.1003\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft SharePoint Server 2019\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"16.0.10417.20114\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft SharePoint Server Subscription Edition\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"16.0.19725.20210\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}], \"datePublic\": \"2026-04-14T14:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201\", \"name\": \"Microsoft SharePoint Server Spoofing Vulnerability\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20: Improper Input Validation\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.0.5548.1003\", \"versionStartIncluding\": \"16.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.0.10417.20114\", \"versionStartIncluding\": \"16.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.0.19725.20210\", \"versionStartIncluding\": \"16.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2026-06-19T16:08:51.311Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-32201\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-19T16:08:51.311Z\", \"dateReserved\": \"2026-03-11T01:49:58.658Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2026-04-14T16:58:36.981Z\", \"assignerShortName\": \"microsoft\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2026-AVI-0445
Vulnerability from certfr_avis - Published: 2026-04-15 - Updated: 2026-04-15
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Microsoft indique que la vulnérabilité CVE-2026-32201 est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft SharePoint Server Subscription Edition versions antérieures à 16.0.19725.20210 | ||
| Microsoft | N/A | azl3 rubygem-addressable 2.8.5-2 versions antérieures à 2.9.0-1 | ||
| Microsoft | N/A | Microsoft Power Apps versions antérieures à 3.26032.10.0 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (GDR) versions antérieures à 15.0.2165.1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2017 version 15.9 (inclus 15.0 - 15.8) antérieures à 15.9.79 | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (GDR) versions antérieures à 16.0.1175.1 | ||
| Microsoft | N/A | Microsoft Visual Studio Code CoPilot Chat Extension versions antérieures à 0.37.3 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.14 antérieures à 17.14.30 | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (CU 24) versions antérieures à 16.0.4250.1 | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (CU 31) versions antérieures à 14.0.3525.1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.12 antérieures à 17.12.19 | ||
| Microsoft | N/A | Microsoft SharePoint Server 2019 versions antérieures à 16.0.10417.20114 | ||
| Microsoft | N/A | azl3 libpng 1.6.56-1 versions antérieures à 1.6.57-1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.4 (inclus 16.0 - 16.3) antérieures à 16.11.55 | ||
| Microsoft | N/A | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 Azure Connect Feature Pack versions antérieures à 13.0.7080.1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.11 (inclus 16.0 - 16.10) antérieures à 16.11.55 | ||
| Microsoft | N/A | Microsoft SQL Server 2025 pour systèmes x64 (GDR) versions antérieures à 17.0.1110.1 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (CU 32) versions antérieures à 15.0.4465.1 | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (GDR) versions antérieures à 14.0.2105.1 | ||
| Microsoft | N/A | Microsoft SharePoint Enterprise Server 2016 versions antérieures à 16.0.5548.1003 | ||
| Microsoft | N/A | Microsoft Defender Antimalware Platform versions antérieures à 4.18.26030.3011 | ||
| Microsoft | N/A | Microsoft HPC Pack 2019 versions antérieures à 6.3.8355 | ||
| Microsoft | N/A | azl3 golang 1.25.8-1 versions antérieures à 1.25.9-1 | ||
| Microsoft | N/A | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 (GDR) versions antérieures à 13.0.6485.1 | ||
| Microsoft | N/A | Microsoft Dynamics 365 (on-premises) version 9.0 antérieures à 9.1.0044.0015 | ||
| Microsoft | N/A | Microsoft SQL Server 2025 pour systèmes x64 (CU3) versions antérieures à 17.0.4030.1 | ||
| Microsoft | N/A | PowerShell 7.5 versions antérieures à 7.5.5 | ||
| Microsoft | N/A | PowerShell 7.4 versions antérieures à 7.4.14 | ||
| Microsoft | N/A | azl3 golang 1.26.1-1 versions antérieures à 1.26.2-1 | ||
| Microsoft | N/A | azl3 libexif 0.6.24-2 versions antérieures à 0.6.24-3 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft SharePoint Server Subscription Edition versions ant\u00e9rieures \u00e0 16.0.19725.20210",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 rubygem-addressable 2.8.5-2 versions ant\u00e9rieures \u00e0 2.9.0-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Power Apps versions ant\u00e9rieures \u00e0 3.26032.10.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 15.0.2165.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2017 version 15.9 (inclus 15.0 - 15.8) ant\u00e9rieures \u00e0 15.9.79",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 16.0.1175.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio Code CoPilot Chat Extension versions ant\u00e9rieures \u00e0 0.37.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.14 ant\u00e9rieures \u00e0 17.14.30",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (CU 24) versions ant\u00e9rieures \u00e0 16.0.4250.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (CU 31) versions ant\u00e9rieures \u00e0 14.0.3525.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.12 ant\u00e9rieures \u00e0 17.12.19",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server 2019 versions ant\u00e9rieures \u00e0 16.0.10417.20114",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libpng 1.6.56-1 versions ant\u00e9rieures \u00e0 1.6.57-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.4 (inclus 16.0 - 16.3) ant\u00e9rieures \u00e0 16.11.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 Azure Connect Feature Pack versions ant\u00e9rieures \u00e0 13.0.7080.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.11 (inclus 16.0 - 16.10) ant\u00e9rieures \u00e0 16.11.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2025 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 17.0.1110.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (CU 32) versions ant\u00e9rieures \u00e0 15.0.4465.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 14.0.2105.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Enterprise Server 2016 versions ant\u00e9rieures \u00e0 16.0.5548.1003",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Defender Antimalware Platform versions ant\u00e9rieures \u00e0 4.18.26030.3011",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft HPC Pack 2019 versions ant\u00e9rieures \u00e0 6.3.8355",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 golang 1.25.8-1 versions ant\u00e9rieures \u00e0 1.25.9-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 (GDR) versions ant\u00e9rieures \u00e0 13.0.6485.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 (on-premises) version 9.0 ant\u00e9rieures \u00e0 9.1.0044.0015",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2025 pour syst\u00e8mes x64 (CU3) versions ant\u00e9rieures \u00e0 17.0.4030.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "PowerShell 7.5 versions ant\u00e9rieures \u00e0 7.5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "PowerShell 7.4 versions ant\u00e9rieures \u00e0 7.4.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 golang 1.26.1-1 versions ant\u00e9rieures \u00e0 1.26.2-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libexif 0.6.24-2 versions ant\u00e9rieures \u00e0 0.6.24-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20945"
},
{
"name": "CVE-2026-21637",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21637"
},
{
"name": "CVE-2026-35611",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35611"
},
{
"name": "CVE-2026-40385",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40385"
},
{
"name": "CVE-2026-26143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26143"
},
{
"name": "CVE-2026-32631",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32631"
},
{
"name": "CVE-2026-32167",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32167"
},
{
"name": "CVE-2026-34757",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34757"
},
{
"name": "CVE-2026-33120",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33120"
},
{
"name": "CVE-2026-33825",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33825"
},
{
"name": "CVE-2026-23653",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23653"
},
{
"name": "CVE-2026-26149",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26149"
},
{
"name": "CVE-2026-32184",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32184"
},
{
"name": "CVE-2026-32203",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32203"
},
{
"name": "CVE-2026-32201",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32201"
},
{
"name": "CVE-2026-32178",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32178"
},
{
"name": "CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"name": "CVE-2026-40386",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40386"
},
{
"name": "CVE-2026-33103",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33103"
},
{
"name": "CVE-2026-32176",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32176"
}
],
"initial_release_date": "2026-04-15T00:00:00",
"last_revision_date": "2026-04-15T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0445",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nMicrosoft indique que la vuln\u00e9rabilit\u00e9 CVE-2026-32201 est activement exploit\u00e9e.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2026-04-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-35611",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35611"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-26143",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26143"
},
{
"published_at": "2026-04-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-34757",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34757"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-33103",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33103"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-32178",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32178"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-32176",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32176"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-32167",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32167"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-32631",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32631"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-32203",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32203"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-32184",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32184"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-32201",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-20945",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20945"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-21637",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21637"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23653",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23653"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-33825",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825"
},
{
"published_at": "2026-04-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-33810",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33810"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-40385",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40385"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-40386",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40386"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-33120",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33120"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-26149",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26149"
}
]
}
Title
Microsoft SharePoint Server欺骗漏洞(CNVD-2026-19432)
Description
Microsoft SharePoint Server是美国微软(Microsoft)公司的一套企业业务协作平台。该平台用于对业务信息进行整合,并能够共享工作、与他人协同工作、组织项目和工作组、搜索人员和信息。
Microsoft SharePoint Server存在欺骗漏洞,攻击者可利用该漏洞进行欺骗攻击。
Severity
中
Patch Name
Microsoft SharePoint Server欺骗漏洞(CNVD-2026-19432)的补丁
Patch Description
Microsoft SharePoint Server是美国微软(Microsoft)公司的一套企业业务协作平台。该平台用于对业务信息进行整合,并能够共享工作、与他人协同工作、组织项目和工作组、搜索人员和信息。
Microsoft SharePoint Server存在欺骗漏洞,攻击者可利用该漏洞进行欺骗攻击。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201
Reference
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201
Impacted products
| Name | ['Microsoft SharePoint Enterprise Server 2016', 'Microsoft SharePoint Server 2019', 'Microsoft SharePoint Server Subscription Edition'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2026-32201",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2026-32201"
}
},
"description": "Microsoft SharePoint Server\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u4f01\u4e1a\u4e1a\u52a1\u534f\u4f5c\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u7528\u4e8e\u5bf9\u4e1a\u52a1\u4fe1\u606f\u8fdb\u884c\u6574\u5408\uff0c\u5e76\u80fd\u591f\u5171\u4eab\u5de5\u4f5c\u3001\u4e0e\u4ed6\u4eba\u534f\u540c\u5de5\u4f5c\u3001\u7ec4\u7ec7\u9879\u76ee\u548c\u5de5\u4f5c\u7ec4\u3001\u641c\u7d22\u4eba\u5458\u548c\u4fe1\u606f\u3002\n\nMicrosoft SharePoint Server\u5b58\u5728\u6b3a\u9a97\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u6b3a\u9a97\u653b\u51fb\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2026-19432",
"openTime": "2026-05-08",
"patchDescription": "Microsoft SharePoint Server\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u4f01\u4e1a\u4e1a\u52a1\u534f\u4f5c\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u7528\u4e8e\u5bf9\u4e1a\u52a1\u4fe1\u606f\u8fdb\u884c\u6574\u5408\uff0c\u5e76\u80fd\u591f\u5171\u4eab\u5de5\u4f5c\u3001\u4e0e\u4ed6\u4eba\u534f\u540c\u5de5\u4f5c\u3001\u7ec4\u7ec7\u9879\u76ee\u548c\u5de5\u4f5c\u7ec4\u3001\u641c\u7d22\u4eba\u5458\u548c\u4fe1\u606f\u3002\r\n\r\nMicrosoft SharePoint Server\u5b58\u5728\u6b3a\u9a97\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u6b3a\u9a97\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Microsoft SharePoint Server\u6b3a\u9a97\u6f0f\u6d1e\uff08CNVD-2026-19432\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Microsoft SharePoint Enterprise Server 2016",
"Microsoft SharePoint Server 2019",
"Microsoft SharePoint Server Subscription Edition"
]
},
"referenceLink": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201",
"serverity": "\u4e2d",
"submitTime": "2026-04-21",
"title": "Microsoft SharePoint Server\u6b3a\u9a97\u6f0f\u6d1e\uff08CNVD-2026-19432\uff09"
}
FKIE_CVE-2026-32201
Vulnerability from fkie_nvd - Published: 2026-04-14 18:17 - Updated: 2026-06-17 10:35
Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201 | Vendor Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_server | * | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{
"affected": [
{
"affectedData": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Enterprise Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.5548.1003",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.10417.20114",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Server Subscription Edition",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.19725.20210",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
}
],
"source": "secure@microsoft.com"
}
],
"cisaActionDue": "2026-04-28",
"cisaExploitAdd": "2026-04-14",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Microsoft SharePoint Server Improper Input Validation Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
"matchCriteriaId": "5CA92EAC-72F0-43F4-A8E0-FA40C57AEF01",
"versionEndExcluding": "16.0.19725.20210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "F815EF1D-7B60-47BE-9AC2-2548F99F10E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network."
}
],
"id": "CVE-2026-32201",
"lastModified": "2026-06-17T10:35:20.103",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-32201",
"options": [
{
"exploitation": "active"
},
{
"automatable": "yes"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-09T00:00:00+00:00",
"version": "2.0.3"
}
}
]
},
"published": "2026-04-14T18:17:27.160",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-JMJ9-QM9W-HRQJ
Vulnerability from github – Published: 2026-04-14 18:30 – Updated: 2026-04-14 18:30
VLAI
Details
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
Severity
6.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2026-32201"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-14T18:17:27Z",
"severity": "MODERATE"
},
"details": "Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.",
"id": "GHSA-jmj9-qm9w-hrqj",
"modified": "2026-04-14T18:30:41Z",
"published": "2026-04-14T18:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32201"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
MSRC_CVE-2026-32201
Vulnerability from csaf_microsoft - Published: 2026-04-14 07:00 - Updated: 2026-04-14 07:00Summary
Microsoft SharePoint Server Spoofing Vulnerability
Severity
Important
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Customer Action: Required. The vulnerability documented by this CVE requires customer action to resolve.
CWE-20
- Improper Input Validation
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft SharePoint Enterprise Server 2016 16.0.5548.1003
Microsoft SharePoint Enterprise Server 2016
|
16.0.5548.1003 | ||
|
Microsoft SharePoint Server 2019 16.0.10417.20114
Microsoft SharePoint Server 2019
|
16.0.10417.20114 | ||
|
Microsoft SharePoint Server Subscription Edition 16.0.19725.20210
Microsoft SharePoint Server Subscription Edition
|
16.0.19725.20210 |
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft SharePoint Server Subscription Edition <16.0.19725.20210
Microsoft SharePoint Server Subscription Edition
|
<16.0.19725.20210 |
Vendor Fix
fix
|
|
|
Microsoft SharePoint Server 2019 <16.0.10417.20114
Microsoft SharePoint Server 2019
|
<16.0.10417.20114 |
Vendor Fix
fix
|
|
|
Microsoft SharePoint Enterprise Server 2016 <16.0.5548.1003
Microsoft SharePoint Enterprise Server 2016
|
<16.0.5548.1003 |
Vendor Fix
fix
|
Threats
Impact
Spoofing
Exploit Status
Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected
References
7 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | self |
| https://msrc.microsoft.com/csaf/advisories/2026/m… | self |
| https://www.microsoft.com/en-us/msrc/exploitabili… | external |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/update-guide/vulnerabi… | self |
| https://msrc.microsoft.com/csaf/advisories/2026/m… | self |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
},
{
"category": "general",
"text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
"title": "Customer Action"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2026-32201 Microsoft SharePoint Server Spoofing Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201"
},
{
"category": "self",
"summary": "CVE-2026-32201 Microsoft SharePoint Server Spoofing Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-32201.json"
},
{
"category": "external",
"summary": "Microsoft Exploitability Index",
"url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Microsoft SharePoint Server Spoofing Vulnerability",
"tracking": {
"current_release_date": "2026-04-14T07:00:00.000Z",
"generator": {
"date": "2026-04-14T16:56:52.388Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2026-32201",
"initial_release_date": "2026-04-14T07:00:00.000Z",
"revision_history": [
{
"date": "2026-04-14T07:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c16.0.5548.1003",
"product": {
"name": "Microsoft SharePoint Enterprise Server 2016 \u003c16.0.5548.1003",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "16.0.5548.1003",
"product": {
"name": "Microsoft SharePoint Enterprise Server 2016 16.0.5548.1003",
"product_id": "10950"
}
}
],
"category": "product_name",
"name": "Microsoft SharePoint Enterprise Server 2016"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c16.0.10417.20114",
"product": {
"name": "Microsoft SharePoint Server 2019 \u003c16.0.10417.20114",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "16.0.10417.20114",
"product": {
"name": "Microsoft SharePoint Server 2019 16.0.10417.20114",
"product_id": "11585"
}
}
],
"category": "product_name",
"name": "Microsoft SharePoint Server 2019"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c16.0.19725.20210",
"product": {
"name": "Microsoft SharePoint Server Subscription Edition \u003c16.0.19725.20210",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "16.0.19725.20210",
"product": {
"name": "Microsoft SharePoint Server Subscription Edition 16.0.19725.20210",
"product_id": "11961"
}
}
],
"category": "product_name",
"name": "Microsoft SharePoint Server Subscription Edition"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32201",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "general",
"text": "Microsoft",
"title": "Assigning CNA"
},
{
"category": "faq",
"text": "An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).",
"title": "According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?"
}
],
"product_status": {
"fixed": [
"10950",
"11585",
"11961"
],
"known_affected": [
"1",
"2",
"3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-32201 Microsoft SharePoint Server Spoofing Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201"
},
{
"category": "self",
"summary": "CVE-2026-32201 Microsoft SharePoint Server Spoofing Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-32201.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T07:00:00.000Z",
"details": "16.0.5548.1003:Security Update:https://support.microsoft.com/help/5002861",
"product_ids": [
"3"
],
"url": "https://support.microsoft.com/help/5002861"
},
{
"category": "vendor_fix",
"date": "2026-04-14T07:00:00.000Z",
"details": "16.0.10417.20114:Security Update:https://support.microsoft.com/help/5002854",
"product_ids": [
"2"
],
"url": "https://support.microsoft.com/help/5002854"
},
{
"category": "vendor_fix",
"date": "2026-04-14T07:00:00.000Z",
"details": "16.0.19725.20210:Security Update:https://support.microsoft.com/help/5002853",
"product_ids": [
"1"
],
"url": "https://support.microsoft.com/help/5002853"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalsScore": 0.0,
"exploitCodeMaturity": "FUNCTIONAL",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Spoofing"
},
{
"category": "exploit_status",
"details": "Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected"
}
],
"title": "Microsoft SharePoint Server Spoofing Vulnerability"
}
]
}
NCSC-2026-0116
Vulnerability from csaf_ncscnl - Published: 2026-04-14 19:20 - Updated: 2026-04-14 19:20Summary
Kwetsbaarheden verholpen in Microsoft Office
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Microsoft heeft kwetsbaarheden verholpen in diverse Office producten.
Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om beveiligingsmaatregelen te omzeilen, zoch voor te doen als andere gebruiker en zich zo verhoogde rechten toe te kennen en toegang te krijgen tot gevoelige gegevens.
Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden en malafide bestand te openen of link te volgen.
```
Microsoft Office PowerPoint:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-32200 | 7,80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Microsoft Office Word:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-33095 | 7,80 | Uitvoeren van willekeurige code |
| CVE-2026-33822 | 6,10 | Toegang tot gevoelige gegevens |
| CVE-2026-23657 | 7,80 | Uitvoeren van willekeurige code |
| CVE-2026-33114 | 8,40 | Uitvoeren van willekeurige code |
| CVE-2026-33115 | 8,40 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Microsoft Office:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-32190 | 8,40 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Microsoft Office SharePoint:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-20945 | 4,60 | Voordoen als andere gebruiker |
| CVE-2026-32201 | 6,50 | Voordoen als andere gebruiker |
|----------------|------|-------------------------------------|
Microsoft Office Excel:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-32188 | 7,10 | Toegang tot gevoelige gegevens |
| CVE-2026-32189 | 7,80 | Uitvoeren van willekeurige code |
| CVE-2026-32197 | 7,80 | Uitvoeren van willekeurige code |
| CVE-2026-32198 | 7,80 | Uitvoeren van willekeurige code |
| CVE-2026-32199 | 7,80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
```
Oplossingen: Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:
https://portal.msrc.microsoft.com/en-us/security-guidance
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-125: Out-of-bounds Read
CWE-416: Use After Free
CWE-822: Untrusted Pointer Dereference
Microsoft Office SharePoint contains a vulnerability due to improper input neutralization during web page generation, allowing authorized attackers to conduct network spoofing via cross-site scripting.
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / SharePoint Server
|
vers:unknown/* |
A use after free vulnerability in Microsoft Office Word allows unauthorized attackers to execute code locally, posing a significant security risk.
CWE-416 - Use After FreeAffected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / SharePoint Server
|
vers:unknown/* |
An out-of-bounds read vulnerability in Microsoft Office Excel allows unauthorized local information disclosure, potentially exposing sensitive data to attackers.
CWE-125 - Out-of-bounds ReadAffected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / SharePoint Server
|
vers:unknown/* |
A vulnerability in Microsoft Office Excel, termed 'use after free,' allows unauthorized attackers to execute code locally on affected systems.
CWE-416 - Use After FreeAffected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / SharePoint Server
|
vers:unknown/* |
The document highlights a 'use after free' vulnerability in Microsoft Office that allows unauthorized attackers to execute code locally.
CWE-416 - Use After FreeAffected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / SharePoint Server
|
vers:unknown/* |
A vulnerability in Microsoft Office Excel, termed 'use after free,' allows unauthorized attackers to execute code locally on affected systems.
CWE-416 - Use After FreeAffected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / SharePoint Server
|
vers:unknown/* |
A vulnerability in Microsoft Office Excel, termed 'use after free,' allows unauthorized attackers to execute code locally on affected systems.
CWE-416 - Use After FreeAffected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / SharePoint Server
|
vers:unknown/* |
A vulnerability in Microsoft Office Excel, termed 'use after free,' allows unauthorized attackers to execute code locally on affected systems.
CWE-416 - Use After FreeAffected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / SharePoint Server
|
vers:unknown/* |
A use-after-free vulnerability in Microsoft Office PowerPoint allows an attacker to execute unauthorized local code, potentially compromising the affected system.
CWE-416 - Use After FreeAffected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / SharePoint Server
|
vers:unknown/* |
Microsoft Office SharePoint suffers from an improper input validation vulnerability that enables unauthorized attackers to perform network spoofing.
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / SharePoint Server
|
vers:unknown/* |
A use after free vulnerability in Microsoft Office Word allows unauthorized attackers to execute code locally, posing a significant security risk.
CWE-416 - Use After FreeAffected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / SharePoint Server
|
vers:unknown/* |
An untrusted pointer dereference vulnerability in Microsoft Office Word enables unauthorized local code execution by attackers.
CWE-822 - Untrusted Pointer DereferenceAffected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / SharePoint Server
|
vers:unknown/* |
A use after free vulnerability in Microsoft Office Word allows unauthorized attackers to execute code locally, posing a significant security risk.
CWE-416 - Use After FreeAffected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / SharePoint Server
|
vers:unknown/* |
An out-of-bounds read vulnerability in Microsoft Office Word allows an unauthorized local attacker to disclose sensitive information.
CWE-125 - Out-of-bounds ReadAffected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / SharePoint Server
|
vers:unknown/* |
References
14 references
| URL | Category |
|---|---|
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Microsoft heeft kwetsbaarheden verholpen in diverse Office producten.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om beveiligingsmaatregelen te omzeilen, zoch voor te doen als andere gebruiker en zich zo verhoogde rechten toe te kennen en toegang te krijgen tot gevoelige gegevens.\n\nVoor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden en malafide bestand te openen of link te volgen.\n\n```\nMicrosoft Office PowerPoint: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32200 | 7,80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office Word: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-33095 | 7,80 | Uitvoeren van willekeurige code | \n| CVE-2026-33822 | 6,10 | Toegang tot gevoelige gegevens | \n| CVE-2026-23657 | 7,80 | Uitvoeren van willekeurige code | \n| CVE-2026-33114 | 8,40 | Uitvoeren van willekeurige code | \n| CVE-2026-33115 | 8,40 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32190 | 8,40 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office SharePoint: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-20945 | 4,60 | Voordoen als andere gebruiker | \n| CVE-2026-32201 | 6,50 | Voordoen als andere gebruiker | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office Excel: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32188 | 7,10 | Toegang tot gevoelige gegevens | \n| CVE-2026-32189 | 7,80 | Uitvoeren van willekeurige code | \n| CVE-2026-32197 | 7,80 | Uitvoeren van willekeurige code | \n| CVE-2026-32198 | 7,80 | Uitvoeren van willekeurige code | \n| CVE-2026-32199 | 7,80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\n```",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Untrusted Pointer Dereference",
"title": "CWE-822"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"title": "Kwetsbaarheden verholpen in Microsoft Office",
"tracking": {
"current_release_date": "2026-04-14T19:20:56.343558Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0116",
"initial_release_date": "2026-04-14T19:20:56.343558Z",
"revision_history": [
{
"date": "2026-04-14T19:20:56.343558Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Microsoft 365 Apps for Enterprise"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Microsoft Excel 2016"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Microsoft Excel 2016 (32-bit edition)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Microsoft Excel 2016 (64-bit edition)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Microsoft Office 2016"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Microsoft Office 2016 (32-bit edition)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Microsoft Office 2016 (64-bit edition)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "Microsoft Office 2019"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "Microsoft Office 2019 for 32-bit editions"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "Microsoft Office 2019 for 64-bit editions"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "Microsoft Office LTSC 2021"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "Microsoft Office LTSC 2021 for 32-bit editions"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "Microsoft Office LTSC 2021 for 64-bit editions"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "Microsoft Office LTSC 2024"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "Microsoft Office LTSC 2024 for 32-bit editions"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-18"
}
}
],
"category": "product_name",
"name": "Microsoft Office LTSC 2024 for 64-bit editions"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-19"
}
}
],
"category": "product_name",
"name": "Microsoft Office LTSC for Mac 2021"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-20"
}
}
],
"category": "product_name",
"name": "Microsoft Office LTSC for Mac 2024"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-21"
}
}
],
"category": "product_name",
"name": "Microsoft PowerPoint 2016"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-22"
}
}
],
"category": "product_name",
"name": "Microsoft PowerPoint 2016 (32-bit edition)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-23"
}
}
],
"category": "product_name",
"name": "Microsoft PowerPoint 2016 (64-bit edition)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-24"
}
}
],
"category": "product_name",
"name": "Microsoft SharePoint Enterprise Server 2016"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-25"
}
}
],
"category": "product_name",
"name": "Microsoft SharePoint Server 2019"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-26"
}
}
],
"category": "product_name",
"name": "Microsoft SharePoint Server Subscription Edition"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-27"
}
}
],
"category": "product_name",
"name": "Office Online Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-28"
}
}
],
"category": "product_name",
"name": "SharePoint Server"
}
],
"category": "vendor",
"name": "Microsoft"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-20945",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "Microsoft Office SharePoint contains a vulnerability due to improper input neutralization during web page generation, allowing authorized attackers to conduct network spoofing via cross-site scripting.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20945 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20945.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28"
]
}
],
"title": "CVE-2026-20945"
},
{
"cve": "CVE-2026-23657",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use after free vulnerability in Microsoft Office Word allows unauthorized attackers to execute code locally, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-23657 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-23657.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28"
]
}
],
"title": "CVE-2026-23657"
},
{
"cve": "CVE-2026-32188",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds read vulnerability in Microsoft Office Excel allows unauthorized local information disclosure, potentially exposing sensitive data to attackers.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-32188 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32188.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28"
]
}
],
"title": "CVE-2026-32188"
},
{
"cve": "CVE-2026-32189",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A vulnerability in Microsoft Office Excel, termed \u0027use after free,\u0027 allows unauthorized attackers to execute code locally on affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-32189 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32189.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28"
]
}
],
"title": "CVE-2026-32189"
},
{
"cve": "CVE-2026-32190",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "The document highlights a \u0027use after free\u0027 vulnerability in Microsoft Office that allows unauthorized attackers to execute code locally.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-32190 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32190.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28"
]
}
],
"title": "CVE-2026-32190"
},
{
"cve": "CVE-2026-32197",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A vulnerability in Microsoft Office Excel, termed \u0027use after free,\u0027 allows unauthorized attackers to execute code locally on affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-32197 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32197.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28"
]
}
],
"title": "CVE-2026-32197"
},
{
"cve": "CVE-2026-32198",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A vulnerability in Microsoft Office Excel, termed \u0027use after free,\u0027 allows unauthorized attackers to execute code locally on affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-32198 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32198.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28"
]
}
],
"title": "CVE-2026-32198"
},
{
"cve": "CVE-2026-32199",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A vulnerability in Microsoft Office Excel, termed \u0027use after free,\u0027 allows unauthorized attackers to execute code locally on affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-32199 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32199.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28"
]
}
],
"title": "CVE-2026-32199"
},
{
"cve": "CVE-2026-32200",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Microsoft Office PowerPoint allows an attacker to execute unauthorized local code, potentially compromising the affected system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-32200 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32200.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28"
]
}
],
"title": "CVE-2026-32200"
},
{
"cve": "CVE-2026-32201",
"notes": [
{
"category": "description",
"text": "Microsoft Office SharePoint suffers from an improper input validation vulnerability that enables unauthorized attackers to perform network spoofing.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-32201 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32201.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28"
]
}
],
"title": "CVE-2026-32201"
},
{
"cve": "CVE-2026-33095",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use after free vulnerability in Microsoft Office Word allows unauthorized attackers to execute code locally, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-33095 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33095.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28"
]
}
],
"title": "CVE-2026-33095"
},
{
"cve": "CVE-2026-33114",
"cwe": {
"id": "CWE-822",
"name": "Untrusted Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "Untrusted Pointer Dereference",
"title": "CWE-822"
},
{
"category": "description",
"text": "An untrusted pointer dereference vulnerability in Microsoft Office Word enables unauthorized local code execution by attackers.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-33114 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33114.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28"
]
}
],
"title": "CVE-2026-33114"
},
{
"cve": "CVE-2026-33115",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use after free vulnerability in Microsoft Office Word allows unauthorized attackers to execute code locally, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-33115 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33115.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28"
]
}
],
"title": "CVE-2026-33115"
},
{
"cve": "CVE-2026-33822",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds read vulnerability in Microsoft Office Word allows an unauthorized local attacker to disclose sensitive information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-33822 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33822.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28"
]
}
],
"title": "CVE-2026-33822"
}
]
}
WID-SEC-W-2026-1102
Vulnerability from csaf_certbund - Published: 2026-04-14 22:00 - Updated: 2026-04-14 22:00Summary
Microsoft Office: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Die Microsoft Office Suite beinhaltet zahlreiche Büroanwendungen wie Textverarbeitung, Tabellenkalkulation, Datenbank und weitere Applikationen.
Microsoft Office Online Server ist ein Serverprodukt, das browserbasierte Versionen von Word, PowerPoint, Excel und OneNote bereitstellt.
Microsoft Sharepoint Services ist ein Portalsystem für die zentrale Verwaltung von Dokumenten und Anwendungen. Die Inhalte werden u.a. über Webseiten zur Verfügung gestellt.
Microsoft 365 Apps ist eine Office Suite für zahlreiche Büroanwendungen.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Microsoft Excel, Microsoft PowerPoint, Microsoft Office, Microsoft Office Online Server, Microsoft SharePoint, Microsoft SharePoint Server 2019 und Microsoft 365 Apps ausnutzen, um beliebigen Programmcode auszuführen, Spoofing-Angriffe durchzuführen, Daten zu manipulieren und vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme: - MacOS X
- Windows
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft PowerPoint 2016
Microsoft / PowerPoint
|
cpe:/a:microsoft:powerpoint:2016
|
2016 | |
|
Microsoft Office 2016
Microsoft / Office
|
cpe:/a:microsoft:office:2016
|
2016 | |
|
Microsoft Excel 2016
Microsoft / Excel
|
cpe:/a:microsoft:excel:2016
|
2016 | |
|
Microsoft SharePoint Server Subscription Edition
Microsoft / SharePoint
|
cpe:/a:microsoft:sharepoint:server_subscription_edition
|
Server Subscription Edition | |
|
Microsoft Office LTSC 2024
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_2024
|
LTSC 2024 | |
|
Microsoft Office LTSC for Mac 2021
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_for_mac_2021
|
LTSC for Mac 2021 | |
|
Microsoft Office LTSC 2021
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_2021
|
LTSC 2021 | |
|
Microsoft SharePoint Server 2019
Microsoft
|
cpe:/a:microsoft:sharepoint_server_2019:-
|
— | |
|
Microsoft 365 Apps
Microsoft
|
cpe:/a:microsoft:365_apps:-
|
— | |
|
Microsoft Office Online Server
Microsoft
|
cpe:/a:microsoft:office_online_server:-
|
— | |
|
Microsoft SharePoint Enterprise Server 2016
Microsoft / SharePoint
|
cpe:/a:microsoft:sharepoint:enterprise_server_2016
|
Enterprise Server 2016 | |
|
Microsoft Office 2019
Microsoft / Office
|
cpe:/a:microsoft:office:2019
|
2019 | |
|
Microsoft Office LTSC for Mac 2024
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_for_mac_2024
|
LTSC for Mac 2024 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft PowerPoint 2016
Microsoft / PowerPoint
|
cpe:/a:microsoft:powerpoint:2016
|
2016 | |
|
Microsoft Office 2016
Microsoft / Office
|
cpe:/a:microsoft:office:2016
|
2016 | |
|
Microsoft Excel 2016
Microsoft / Excel
|
cpe:/a:microsoft:excel:2016
|
2016 | |
|
Microsoft SharePoint Server Subscription Edition
Microsoft / SharePoint
|
cpe:/a:microsoft:sharepoint:server_subscription_edition
|
Server Subscription Edition | |
|
Microsoft Office LTSC 2024
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_2024
|
LTSC 2024 | |
|
Microsoft Office LTSC for Mac 2021
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_for_mac_2021
|
LTSC for Mac 2021 | |
|
Microsoft Office LTSC 2021
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_2021
|
LTSC 2021 | |
|
Microsoft SharePoint Server 2019
Microsoft
|
cpe:/a:microsoft:sharepoint_server_2019:-
|
— | |
|
Microsoft 365 Apps
Microsoft
|
cpe:/a:microsoft:365_apps:-
|
— | |
|
Microsoft Office Online Server
Microsoft
|
cpe:/a:microsoft:office_online_server:-
|
— | |
|
Microsoft SharePoint Enterprise Server 2016
Microsoft / SharePoint
|
cpe:/a:microsoft:sharepoint:enterprise_server_2016
|
Enterprise Server 2016 | |
|
Microsoft Office 2019
Microsoft / Office
|
cpe:/a:microsoft:office:2019
|
2019 | |
|
Microsoft Office LTSC for Mac 2024
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_for_mac_2024
|
LTSC for Mac 2024 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft PowerPoint 2016
Microsoft / PowerPoint
|
cpe:/a:microsoft:powerpoint:2016
|
2016 | |
|
Microsoft Office 2016
Microsoft / Office
|
cpe:/a:microsoft:office:2016
|
2016 | |
|
Microsoft Excel 2016
Microsoft / Excel
|
cpe:/a:microsoft:excel:2016
|
2016 | |
|
Microsoft SharePoint Server Subscription Edition
Microsoft / SharePoint
|
cpe:/a:microsoft:sharepoint:server_subscription_edition
|
Server Subscription Edition | |
|
Microsoft Office LTSC 2024
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_2024
|
LTSC 2024 | |
|
Microsoft Office LTSC for Mac 2021
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_for_mac_2021
|
LTSC for Mac 2021 | |
|
Microsoft Office LTSC 2021
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_2021
|
LTSC 2021 | |
|
Microsoft SharePoint Server 2019
Microsoft
|
cpe:/a:microsoft:sharepoint_server_2019:-
|
— | |
|
Microsoft 365 Apps
Microsoft
|
cpe:/a:microsoft:365_apps:-
|
— | |
|
Microsoft Office Online Server
Microsoft
|
cpe:/a:microsoft:office_online_server:-
|
— | |
|
Microsoft SharePoint Enterprise Server 2016
Microsoft / SharePoint
|
cpe:/a:microsoft:sharepoint:enterprise_server_2016
|
Enterprise Server 2016 | |
|
Microsoft Office 2019
Microsoft / Office
|
cpe:/a:microsoft:office:2019
|
2019 | |
|
Microsoft Office LTSC for Mac 2024
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_for_mac_2024
|
LTSC for Mac 2024 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft PowerPoint 2016
Microsoft / PowerPoint
|
cpe:/a:microsoft:powerpoint:2016
|
2016 | |
|
Microsoft Office 2016
Microsoft / Office
|
cpe:/a:microsoft:office:2016
|
2016 | |
|
Microsoft Excel 2016
Microsoft / Excel
|
cpe:/a:microsoft:excel:2016
|
2016 | |
|
Microsoft SharePoint Server Subscription Edition
Microsoft / SharePoint
|
cpe:/a:microsoft:sharepoint:server_subscription_edition
|
Server Subscription Edition | |
|
Microsoft Office LTSC 2024
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_2024
|
LTSC 2024 | |
|
Microsoft Office LTSC for Mac 2021
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_for_mac_2021
|
LTSC for Mac 2021 | |
|
Microsoft Office LTSC 2021
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_2021
|
LTSC 2021 | |
|
Microsoft SharePoint Server 2019
Microsoft
|
cpe:/a:microsoft:sharepoint_server_2019:-
|
— | |
|
Microsoft 365 Apps
Microsoft
|
cpe:/a:microsoft:365_apps:-
|
— | |
|
Microsoft Office Online Server
Microsoft
|
cpe:/a:microsoft:office_online_server:-
|
— | |
|
Microsoft SharePoint Enterprise Server 2016
Microsoft / SharePoint
|
cpe:/a:microsoft:sharepoint:enterprise_server_2016
|
Enterprise Server 2016 | |
|
Microsoft Office 2019
Microsoft / Office
|
cpe:/a:microsoft:office:2019
|
2019 | |
|
Microsoft Office LTSC for Mac 2024
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_for_mac_2024
|
LTSC for Mac 2024 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft PowerPoint 2016
Microsoft / PowerPoint
|
cpe:/a:microsoft:powerpoint:2016
|
2016 | |
|
Microsoft Office 2016
Microsoft / Office
|
cpe:/a:microsoft:office:2016
|
2016 | |
|
Microsoft Excel 2016
Microsoft / Excel
|
cpe:/a:microsoft:excel:2016
|
2016 | |
|
Microsoft SharePoint Server Subscription Edition
Microsoft / SharePoint
|
cpe:/a:microsoft:sharepoint:server_subscription_edition
|
Server Subscription Edition | |
|
Microsoft Office LTSC 2024
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_2024
|
LTSC 2024 | |
|
Microsoft Office LTSC for Mac 2021
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_for_mac_2021
|
LTSC for Mac 2021 | |
|
Microsoft Office LTSC 2021
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_2021
|
LTSC 2021 | |
|
Microsoft SharePoint Server 2019
Microsoft
|
cpe:/a:microsoft:sharepoint_server_2019:-
|
— | |
|
Microsoft 365 Apps
Microsoft
|
cpe:/a:microsoft:365_apps:-
|
— | |
|
Microsoft Office Online Server
Microsoft
|
cpe:/a:microsoft:office_online_server:-
|
— | |
|
Microsoft SharePoint Enterprise Server 2016
Microsoft / SharePoint
|
cpe:/a:microsoft:sharepoint:enterprise_server_2016
|
Enterprise Server 2016 | |
|
Microsoft Office 2019
Microsoft / Office
|
cpe:/a:microsoft:office:2019
|
2019 | |
|
Microsoft Office LTSC for Mac 2024
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_for_mac_2024
|
LTSC for Mac 2024 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft PowerPoint 2016
Microsoft / PowerPoint
|
cpe:/a:microsoft:powerpoint:2016
|
2016 | |
|
Microsoft Office 2016
Microsoft / Office
|
cpe:/a:microsoft:office:2016
|
2016 | |
|
Microsoft Excel 2016
Microsoft / Excel
|
cpe:/a:microsoft:excel:2016
|
2016 | |
|
Microsoft SharePoint Server Subscription Edition
Microsoft / SharePoint
|
cpe:/a:microsoft:sharepoint:server_subscription_edition
|
Server Subscription Edition | |
|
Microsoft Office LTSC 2024
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_2024
|
LTSC 2024 | |
|
Microsoft Office LTSC for Mac 2021
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_for_mac_2021
|
LTSC for Mac 2021 | |
|
Microsoft Office LTSC 2021
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_2021
|
LTSC 2021 | |
|
Microsoft SharePoint Server 2019
Microsoft
|
cpe:/a:microsoft:sharepoint_server_2019:-
|
— | |
|
Microsoft 365 Apps
Microsoft
|
cpe:/a:microsoft:365_apps:-
|
— | |
|
Microsoft Office Online Server
Microsoft
|
cpe:/a:microsoft:office_online_server:-
|
— | |
|
Microsoft SharePoint Enterprise Server 2016
Microsoft / SharePoint
|
cpe:/a:microsoft:sharepoint:enterprise_server_2016
|
Enterprise Server 2016 | |
|
Microsoft Office 2019
Microsoft / Office
|
cpe:/a:microsoft:office:2019
|
2019 | |
|
Microsoft Office LTSC for Mac 2024
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_for_mac_2024
|
LTSC for Mac 2024 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft PowerPoint 2016
Microsoft / PowerPoint
|
cpe:/a:microsoft:powerpoint:2016
|
2016 | |
|
Microsoft Office 2016
Microsoft / Office
|
cpe:/a:microsoft:office:2016
|
2016 | |
|
Microsoft Excel 2016
Microsoft / Excel
|
cpe:/a:microsoft:excel:2016
|
2016 | |
|
Microsoft SharePoint Server Subscription Edition
Microsoft / SharePoint
|
cpe:/a:microsoft:sharepoint:server_subscription_edition
|
Server Subscription Edition | |
|
Microsoft Office LTSC 2024
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_2024
|
LTSC 2024 | |
|
Microsoft Office LTSC for Mac 2021
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_for_mac_2021
|
LTSC for Mac 2021 | |
|
Microsoft Office LTSC 2021
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_2021
|
LTSC 2021 | |
|
Microsoft SharePoint Server 2019
Microsoft
|
cpe:/a:microsoft:sharepoint_server_2019:-
|
— | |
|
Microsoft 365 Apps
Microsoft
|
cpe:/a:microsoft:365_apps:-
|
— | |
|
Microsoft Office Online Server
Microsoft
|
cpe:/a:microsoft:office_online_server:-
|
— | |
|
Microsoft SharePoint Enterprise Server 2016
Microsoft / SharePoint
|
cpe:/a:microsoft:sharepoint:enterprise_server_2016
|
Enterprise Server 2016 | |
|
Microsoft Office 2019
Microsoft / Office
|
cpe:/a:microsoft:office:2019
|
2019 | |
|
Microsoft Office LTSC for Mac 2024
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_for_mac_2024
|
LTSC for Mac 2024 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft PowerPoint 2016
Microsoft / PowerPoint
|
cpe:/a:microsoft:powerpoint:2016
|
2016 | |
|
Microsoft Office 2016
Microsoft / Office
|
cpe:/a:microsoft:office:2016
|
2016 | |
|
Microsoft Excel 2016
Microsoft / Excel
|
cpe:/a:microsoft:excel:2016
|
2016 | |
|
Microsoft SharePoint Server Subscription Edition
Microsoft / SharePoint
|
cpe:/a:microsoft:sharepoint:server_subscription_edition
|
Server Subscription Edition | |
|
Microsoft Office LTSC 2024
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_2024
|
LTSC 2024 | |
|
Microsoft Office LTSC for Mac 2021
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_for_mac_2021
|
LTSC for Mac 2021 | |
|
Microsoft Office LTSC 2021
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_2021
|
LTSC 2021 | |
|
Microsoft SharePoint Server 2019
Microsoft
|
cpe:/a:microsoft:sharepoint_server_2019:-
|
— | |
|
Microsoft 365 Apps
Microsoft
|
cpe:/a:microsoft:365_apps:-
|
— | |
|
Microsoft Office Online Server
Microsoft
|
cpe:/a:microsoft:office_online_server:-
|
— | |
|
Microsoft SharePoint Enterprise Server 2016
Microsoft / SharePoint
|
cpe:/a:microsoft:sharepoint:enterprise_server_2016
|
Enterprise Server 2016 | |
|
Microsoft Office 2019
Microsoft / Office
|
cpe:/a:microsoft:office:2019
|
2019 | |
|
Microsoft Office LTSC for Mac 2024
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_for_mac_2024
|
LTSC for Mac 2024 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft PowerPoint 2016
Microsoft / PowerPoint
|
cpe:/a:microsoft:powerpoint:2016
|
2016 | |
|
Microsoft Office 2016
Microsoft / Office
|
cpe:/a:microsoft:office:2016
|
2016 | |
|
Microsoft Excel 2016
Microsoft / Excel
|
cpe:/a:microsoft:excel:2016
|
2016 | |
|
Microsoft SharePoint Server Subscription Edition
Microsoft / SharePoint
|
cpe:/a:microsoft:sharepoint:server_subscription_edition
|
Server Subscription Edition | |
|
Microsoft Office LTSC 2024
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_2024
|
LTSC 2024 | |
|
Microsoft Office LTSC for Mac 2021
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_for_mac_2021
|
LTSC for Mac 2021 | |
|
Microsoft Office LTSC 2021
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_2021
|
LTSC 2021 | |
|
Microsoft SharePoint Server 2019
Microsoft
|
cpe:/a:microsoft:sharepoint_server_2019:-
|
— | |
|
Microsoft 365 Apps
Microsoft
|
cpe:/a:microsoft:365_apps:-
|
— | |
|
Microsoft Office Online Server
Microsoft
|
cpe:/a:microsoft:office_online_server:-
|
— | |
|
Microsoft SharePoint Enterprise Server 2016
Microsoft / SharePoint
|
cpe:/a:microsoft:sharepoint:enterprise_server_2016
|
Enterprise Server 2016 | |
|
Microsoft Office 2019
Microsoft / Office
|
cpe:/a:microsoft:office:2019
|
2019 | |
|
Microsoft Office LTSC for Mac 2024
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_for_mac_2024
|
LTSC for Mac 2024 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft PowerPoint 2016
Microsoft / PowerPoint
|
cpe:/a:microsoft:powerpoint:2016
|
2016 | |
|
Microsoft Office 2016
Microsoft / Office
|
cpe:/a:microsoft:office:2016
|
2016 | |
|
Microsoft Excel 2016
Microsoft / Excel
|
cpe:/a:microsoft:excel:2016
|
2016 | |
|
Microsoft SharePoint Server Subscription Edition
Microsoft / SharePoint
|
cpe:/a:microsoft:sharepoint:server_subscription_edition
|
Server Subscription Edition | |
|
Microsoft Office LTSC 2024
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_2024
|
LTSC 2024 | |
|
Microsoft Office LTSC for Mac 2021
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_for_mac_2021
|
LTSC for Mac 2021 | |
|
Microsoft Office LTSC 2021
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_2021
|
LTSC 2021 | |
|
Microsoft SharePoint Server 2019
Microsoft
|
cpe:/a:microsoft:sharepoint_server_2019:-
|
— | |
|
Microsoft 365 Apps
Microsoft
|
cpe:/a:microsoft:365_apps:-
|
— | |
|
Microsoft Office Online Server
Microsoft
|
cpe:/a:microsoft:office_online_server:-
|
— | |
|
Microsoft SharePoint Enterprise Server 2016
Microsoft / SharePoint
|
cpe:/a:microsoft:sharepoint:enterprise_server_2016
|
Enterprise Server 2016 | |
|
Microsoft Office 2019
Microsoft / Office
|
cpe:/a:microsoft:office:2019
|
2019 | |
|
Microsoft Office LTSC for Mac 2024
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_for_mac_2024
|
LTSC for Mac 2024 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft PowerPoint 2016
Microsoft / PowerPoint
|
cpe:/a:microsoft:powerpoint:2016
|
2016 | |
|
Microsoft Office 2016
Microsoft / Office
|
cpe:/a:microsoft:office:2016
|
2016 | |
|
Microsoft Excel 2016
Microsoft / Excel
|
cpe:/a:microsoft:excel:2016
|
2016 | |
|
Microsoft SharePoint Server Subscription Edition
Microsoft / SharePoint
|
cpe:/a:microsoft:sharepoint:server_subscription_edition
|
Server Subscription Edition | |
|
Microsoft Office LTSC 2024
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_2024
|
LTSC 2024 | |
|
Microsoft Office LTSC for Mac 2021
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_for_mac_2021
|
LTSC for Mac 2021 | |
|
Microsoft Office LTSC 2021
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_2021
|
LTSC 2021 | |
|
Microsoft SharePoint Server 2019
Microsoft
|
cpe:/a:microsoft:sharepoint_server_2019:-
|
— | |
|
Microsoft 365 Apps
Microsoft
|
cpe:/a:microsoft:365_apps:-
|
— | |
|
Microsoft Office Online Server
Microsoft
|
cpe:/a:microsoft:office_online_server:-
|
— | |
|
Microsoft SharePoint Enterprise Server 2016
Microsoft / SharePoint
|
cpe:/a:microsoft:sharepoint:enterprise_server_2016
|
Enterprise Server 2016 | |
|
Microsoft Office 2019
Microsoft / Office
|
cpe:/a:microsoft:office:2019
|
2019 | |
|
Microsoft Office LTSC for Mac 2024
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_for_mac_2024
|
LTSC for Mac 2024 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft PowerPoint 2016
Microsoft / PowerPoint
|
cpe:/a:microsoft:powerpoint:2016
|
2016 | |
|
Microsoft Office 2016
Microsoft / Office
|
cpe:/a:microsoft:office:2016
|
2016 | |
|
Microsoft Excel 2016
Microsoft / Excel
|
cpe:/a:microsoft:excel:2016
|
2016 | |
|
Microsoft SharePoint Server Subscription Edition
Microsoft / SharePoint
|
cpe:/a:microsoft:sharepoint:server_subscription_edition
|
Server Subscription Edition | |
|
Microsoft Office LTSC 2024
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_2024
|
LTSC 2024 | |
|
Microsoft Office LTSC for Mac 2021
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_for_mac_2021
|
LTSC for Mac 2021 | |
|
Microsoft Office LTSC 2021
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_2021
|
LTSC 2021 | |
|
Microsoft SharePoint Server 2019
Microsoft
|
cpe:/a:microsoft:sharepoint_server_2019:-
|
— | |
|
Microsoft 365 Apps
Microsoft
|
cpe:/a:microsoft:365_apps:-
|
— | |
|
Microsoft Office Online Server
Microsoft
|
cpe:/a:microsoft:office_online_server:-
|
— | |
|
Microsoft SharePoint Enterprise Server 2016
Microsoft / SharePoint
|
cpe:/a:microsoft:sharepoint:enterprise_server_2016
|
Enterprise Server 2016 | |
|
Microsoft Office 2019
Microsoft / Office
|
cpe:/a:microsoft:office:2019
|
2019 | |
|
Microsoft Office LTSC for Mac 2024
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_for_mac_2024
|
LTSC for Mac 2024 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft PowerPoint 2016
Microsoft / PowerPoint
|
cpe:/a:microsoft:powerpoint:2016
|
2016 | |
|
Microsoft Office 2016
Microsoft / Office
|
cpe:/a:microsoft:office:2016
|
2016 | |
|
Microsoft Excel 2016
Microsoft / Excel
|
cpe:/a:microsoft:excel:2016
|
2016 | |
|
Microsoft SharePoint Server Subscription Edition
Microsoft / SharePoint
|
cpe:/a:microsoft:sharepoint:server_subscription_edition
|
Server Subscription Edition | |
|
Microsoft Office LTSC 2024
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_2024
|
LTSC 2024 | |
|
Microsoft Office LTSC for Mac 2021
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_for_mac_2021
|
LTSC for Mac 2021 | |
|
Microsoft Office LTSC 2021
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_2021
|
LTSC 2021 | |
|
Microsoft SharePoint Server 2019
Microsoft
|
cpe:/a:microsoft:sharepoint_server_2019:-
|
— | |
|
Microsoft 365 Apps
Microsoft
|
cpe:/a:microsoft:365_apps:-
|
— | |
|
Microsoft Office Online Server
Microsoft
|
cpe:/a:microsoft:office_online_server:-
|
— | |
|
Microsoft SharePoint Enterprise Server 2016
Microsoft / SharePoint
|
cpe:/a:microsoft:sharepoint:enterprise_server_2016
|
Enterprise Server 2016 | |
|
Microsoft Office 2019
Microsoft / Office
|
cpe:/a:microsoft:office:2019
|
2019 | |
|
Microsoft Office LTSC for Mac 2024
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_for_mac_2024
|
LTSC for Mac 2024 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft PowerPoint 2016
Microsoft / PowerPoint
|
cpe:/a:microsoft:powerpoint:2016
|
2016 | |
|
Microsoft Office 2016
Microsoft / Office
|
cpe:/a:microsoft:office:2016
|
2016 | |
|
Microsoft Excel 2016
Microsoft / Excel
|
cpe:/a:microsoft:excel:2016
|
2016 | |
|
Microsoft SharePoint Server Subscription Edition
Microsoft / SharePoint
|
cpe:/a:microsoft:sharepoint:server_subscription_edition
|
Server Subscription Edition | |
|
Microsoft Office LTSC 2024
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_2024
|
LTSC 2024 | |
|
Microsoft Office LTSC for Mac 2021
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_for_mac_2021
|
LTSC for Mac 2021 | |
|
Microsoft Office LTSC 2021
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_2021
|
LTSC 2021 | |
|
Microsoft SharePoint Server 2019
Microsoft
|
cpe:/a:microsoft:sharepoint_server_2019:-
|
— | |
|
Microsoft 365 Apps
Microsoft
|
cpe:/a:microsoft:365_apps:-
|
— | |
|
Microsoft Office Online Server
Microsoft
|
cpe:/a:microsoft:office_online_server:-
|
— | |
|
Microsoft SharePoint Enterprise Server 2016
Microsoft / SharePoint
|
cpe:/a:microsoft:sharepoint:enterprise_server_2016
|
Enterprise Server 2016 | |
|
Microsoft Office 2019
Microsoft / Office
|
cpe:/a:microsoft:office:2019
|
2019 | |
|
Microsoft Office LTSC for Mac 2024
Microsoft / Office
|
cpe:/a:microsoft:office:ltsc_for_mac_2024
|
LTSC for Mac 2024 |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die Microsoft Office Suite beinhaltet zahlreiche B\u00fcroanwendungen wie Textverarbeitung, Tabellenkalkulation, Datenbank und weitere Applikationen.\r\nMicrosoft Office Online Server ist ein Serverprodukt, das browserbasierte Versionen von Word, PowerPoint, Excel und OneNote bereitstellt. \r\nMicrosoft Sharepoint Services ist ein Portalsystem f\u00fcr die zentrale Verwaltung von Dokumenten und Anwendungen. Die Inhalte werden u.a. \u00fcber Webseiten zur Verf\u00fcgung gestellt.\r\nMicrosoft 365 Apps ist eine Office Suite f\u00fcr zahlreiche B\u00fcroanwendungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Microsoft Excel, Microsoft PowerPoint, Microsoft Office, Microsoft Office Online Server, Microsoft SharePoint, Microsoft SharePoint Server 2019 und Microsoft 365 Apps ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu manipulieren und vertrauliche Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- MacOS X\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1102 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1102.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1102 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1102"
},
{
"category": "external",
"summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates",
"url": "https://msrc.microsoft.com/update-guide/"
}
],
"source_lang": "en-US",
"title": "Microsoft Office: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-04-14T22:00:00.000+00:00",
"generator": {
"date": "2026-04-15T07:14:15.473+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-1102",
"initial_release_date": "2026-04-14T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-04-14T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Microsoft 365 Apps",
"product": {
"name": "Microsoft 365 Apps",
"product_id": "T052804",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:365_apps:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "2016",
"product": {
"name": "Microsoft Excel 2016",
"product_id": "T052798",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:excel:2016"
}
}
}
],
"category": "product_name",
"name": "Excel"
},
{
"branches": [
{
"category": "product_version",
"name": "2019",
"product": {
"name": "Microsoft Office 2019",
"product_id": "902302",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:office:2019"
}
}
},
{
"category": "product_version",
"name": "2016",
"product": {
"name": "Microsoft Office 2016",
"product_id": "T052800",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:office:2016"
}
}
},
{
"category": "product_version",
"name": "LTSC for Mac 2021",
"product": {
"name": "Microsoft Office LTSC for Mac 2021",
"product_id": "T052805",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:office:ltsc_for_mac_2021"
}
}
},
{
"category": "product_version",
"name": "LTSC 2021",
"product": {
"name": "Microsoft Office LTSC 2021",
"product_id": "T052806",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:office:ltsc_2021"
}
}
},
{
"category": "product_version",
"name": "LTSC 2024",
"product": {
"name": "Microsoft Office LTSC 2024",
"product_id": "T052808",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:office:ltsc_2024"
}
}
},
{
"category": "product_version",
"name": "LTSC for Mac 2024",
"product": {
"name": "Microsoft Office LTSC for Mac 2024",
"product_id": "T052809",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:office:ltsc_for_mac_2024"
}
}
}
],
"category": "product_name",
"name": "Office"
},
{
"category": "product_name",
"name": "Microsoft Office Online Server",
"product": {
"name": "Microsoft Office Online Server",
"product_id": "T052801",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:office_online_server:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "2016",
"product": {
"name": "Microsoft PowerPoint 2016",
"product_id": "T052799",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:powerpoint:2016"
}
}
}
],
"category": "product_name",
"name": "PowerPoint"
},
{
"branches": [
{
"category": "product_version",
"name": "Enterprise Server 2016",
"product": {
"name": "Microsoft SharePoint Enterprise Server 2016",
"product_id": "T052802",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:sharepoint:enterprise_server_2016"
}
}
},
{
"category": "product_version",
"name": "Server Subscription Edition",
"product": {
"name": "Microsoft SharePoint Server Subscription Edition",
"product_id": "T052807",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:sharepoint:server_subscription_edition"
}
}
}
],
"category": "product_name",
"name": "SharePoint"
},
{
"category": "product_name",
"name": "Microsoft SharePoint Server 2019",
"product": {
"name": "Microsoft SharePoint Server 2019",
"product_id": "T052803",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:sharepoint_server_2019:-"
}
}
}
],
"category": "vendor",
"name": "Microsoft"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-20945",
"product_status": {
"known_affected": [
"T052799",
"T052800",
"T052798",
"T052807",
"T052808",
"T052805",
"T052806",
"T052803",
"T052804",
"T052801",
"T052802",
"902302",
"T052809"
]
},
"release_date": "2026-04-14T22:00:00.000+00:00",
"title": "CVE-2026-20945"
},
{
"cve": "CVE-2026-23657",
"product_status": {
"known_affected": [
"T052799",
"T052800",
"T052798",
"T052807",
"T052808",
"T052805",
"T052806",
"T052803",
"T052804",
"T052801",
"T052802",
"902302",
"T052809"
]
},
"release_date": "2026-04-14T22:00:00.000+00:00",
"title": "CVE-2026-23657"
},
{
"cve": "CVE-2026-32188",
"product_status": {
"known_affected": [
"T052799",
"T052800",
"T052798",
"T052807",
"T052808",
"T052805",
"T052806",
"T052803",
"T052804",
"T052801",
"T052802",
"902302",
"T052809"
]
},
"release_date": "2026-04-14T22:00:00.000+00:00",
"title": "CVE-2026-32188"
},
{
"cve": "CVE-2026-32189",
"product_status": {
"known_affected": [
"T052799",
"T052800",
"T052798",
"T052807",
"T052808",
"T052805",
"T052806",
"T052803",
"T052804",
"T052801",
"T052802",
"902302",
"T052809"
]
},
"release_date": "2026-04-14T22:00:00.000+00:00",
"title": "CVE-2026-32189"
},
{
"cve": "CVE-2026-32190",
"product_status": {
"known_affected": [
"T052799",
"T052800",
"T052798",
"T052807",
"T052808",
"T052805",
"T052806",
"T052803",
"T052804",
"T052801",
"T052802",
"902302",
"T052809"
]
},
"release_date": "2026-04-14T22:00:00.000+00:00",
"title": "CVE-2026-32190"
},
{
"cve": "CVE-2026-32197",
"product_status": {
"known_affected": [
"T052799",
"T052800",
"T052798",
"T052807",
"T052808",
"T052805",
"T052806",
"T052803",
"T052804",
"T052801",
"T052802",
"902302",
"T052809"
]
},
"release_date": "2026-04-14T22:00:00.000+00:00",
"title": "CVE-2026-32197"
},
{
"cve": "CVE-2026-32198",
"product_status": {
"known_affected": [
"T052799",
"T052800",
"T052798",
"T052807",
"T052808",
"T052805",
"T052806",
"T052803",
"T052804",
"T052801",
"T052802",
"902302",
"T052809"
]
},
"release_date": "2026-04-14T22:00:00.000+00:00",
"title": "CVE-2026-32198"
},
{
"cve": "CVE-2026-32199",
"product_status": {
"known_affected": [
"T052799",
"T052800",
"T052798",
"T052807",
"T052808",
"T052805",
"T052806",
"T052803",
"T052804",
"T052801",
"T052802",
"902302",
"T052809"
]
},
"release_date": "2026-04-14T22:00:00.000+00:00",
"title": "CVE-2026-32199"
},
{
"cve": "CVE-2026-32200",
"product_status": {
"known_affected": [
"T052799",
"T052800",
"T052798",
"T052807",
"T052808",
"T052805",
"T052806",
"T052803",
"T052804",
"T052801",
"T052802",
"902302",
"T052809"
]
},
"release_date": "2026-04-14T22:00:00.000+00:00",
"title": "CVE-2026-32200"
},
{
"cve": "CVE-2026-32201",
"product_status": {
"known_affected": [
"T052799",
"T052800",
"T052798",
"T052807",
"T052808",
"T052805",
"T052806",
"T052803",
"T052804",
"T052801",
"T052802",
"902302",
"T052809"
]
},
"release_date": "2026-04-14T22:00:00.000+00:00",
"title": "CVE-2026-32201"
},
{
"cve": "CVE-2026-33095",
"product_status": {
"known_affected": [
"T052799",
"T052800",
"T052798",
"T052807",
"T052808",
"T052805",
"T052806",
"T052803",
"T052804",
"T052801",
"T052802",
"902302",
"T052809"
]
},
"release_date": "2026-04-14T22:00:00.000+00:00",
"title": "CVE-2026-33095"
},
{
"cve": "CVE-2026-33114",
"product_status": {
"known_affected": [
"T052799",
"T052800",
"T052798",
"T052807",
"T052808",
"T052805",
"T052806",
"T052803",
"T052804",
"T052801",
"T052802",
"902302",
"T052809"
]
},
"release_date": "2026-04-14T22:00:00.000+00:00",
"title": "CVE-2026-33114"
},
{
"cve": "CVE-2026-33115",
"product_status": {
"known_affected": [
"T052799",
"T052800",
"T052798",
"T052807",
"T052808",
"T052805",
"T052806",
"T052803",
"T052804",
"T052801",
"T052802",
"902302",
"T052809"
]
},
"release_date": "2026-04-14T22:00:00.000+00:00",
"title": "CVE-2026-33115"
},
{
"cve": "CVE-2026-33822",
"product_status": {
"known_affected": [
"T052799",
"T052800",
"T052798",
"T052807",
"T052808",
"T052805",
"T052806",
"T052803",
"T052804",
"T052801",
"T052802",
"902302",
"T052809"
]
},
"release_date": "2026-04-14T22:00:00.000+00:00",
"title": "CVE-2026-33822"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…