Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    1096 vulnerabilities found for sharepoint_server by microsoft

    CVE-2026-58277 (GCVE-0-2026-58277)

    Vulnerability from nvd – Published: 2026-07-14 17:09 – Updated: 2026-07-17 21:33
    VLAI
    Title
    Microsoft SharePoint Elevation of Privilege Vulnerability
    Summary
    Improper authorization in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SharePoint Enterprise Server 2016 Affected: 16.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server 2019 Affected: 16.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58277",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T03:57:23.574Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper authorization in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285: Improper Authorization",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:33:36.455Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft SharePoint Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58277"
            }
          ],
          "title": "Microsoft SharePoint Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-58277",
        "datePublished": "2026-07-14T17:09:43.419Z",
        "dateReserved": "2026-06-29T21:59:30.870Z",
        "dateUpdated": "2026-07-17T21:33:36.455Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56192 (GCVE-0-2026-56192)

    Vulnerability from nvd – Published: 2026-07-14 17:09 – Updated: 2026-07-17 21:33
    VLAI
    Title
    Microsoft Office Information Disclosure Vulnerability
    Summary
    Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2016 Affected: 16.0.0 , < 16.0.5561.1000 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Enterprise Server 2016 Affected: 16.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server 2019 Affected: 16.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server Subscription Edition Affected: 16.0.0 , < 16.0.19725.20434 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56192",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T14:20:32.955984Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T14:20:43.739Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1000",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server Subscription Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20434",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                      "versionEndExcluding": "16.0.19725.20434",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1000",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:33:16.038Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Office Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56192"
            }
          ],
          "title": "Microsoft Office Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-56192",
        "datePublished": "2026-07-14T17:09:22.693Z",
        "dateReserved": "2026-06-19T13:54:04.006Z",
        "dateUpdated": "2026-07-17T21:33:16.038Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56157 (GCVE-0-2026-56157)

    Vulnerability from nvd – Published: 2026-07-14 17:09 – Updated: 2026-07-17 21:33
    VLAI
    Title
    Microsoft SharePoint Server Spoofing Vulnerability
    Summary
    Improper access control in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56157",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T18:50:12.077838Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T18:50:17.082Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server Subscription Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20434",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                      "versionEndExcluding": "16.0.19725.20434",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper access control in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:33:06.249Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft SharePoint Server Spoofing Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56157"
            }
          ],
          "title": "Microsoft SharePoint Server Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-56157",
        "datePublished": "2026-07-14T17:09:13.214Z",
        "dateReserved": "2026-06-19T13:53:31.988Z",
        "dateUpdated": "2026-07-17T21:33:06.249Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55142 (GCVE-0-2026-55142)

    Vulnerability from nvd – Published: 2026-07-14 17:09 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Word Information Disclosure Vulnerability
    Summary
    Numeric truncation error in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-197 - Numeric Truncation Error
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Enterprise Server 2016 Affected: 16.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server 2019 Affected: 16.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server Subscription Edition Affected: 16.0.0 , < 16.0.19725.20434 (custom)
    Create a notification for this product.
    Microsoft Microsoft Word 2016 Affected: 16.0.1 , < 16.0.5561.1000 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55142",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T19:00:16.518724Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T19:00:27.148Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server Subscription Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20434",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Word 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1000",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                      "versionEndExcluding": "16.0.19725.20434",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:word_2016:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.5561.1000",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Numeric truncation error in Microsoft Office Word allows an unauthorized attacker to disclose information locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-197",
                  "description": "CWE-197: Numeric Truncation Error",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:54.149Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Word Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55142"
            }
          ],
          "title": "Microsoft Word Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55142",
        "datePublished": "2026-07-14T17:09:01.202Z",
        "dateReserved": "2026-06-16T15:03:49.682Z",
        "dateUpdated": "2026-07-17T21:32:54.149Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55135 (GCVE-0-2026-55135)

    Vulnerability from nvd – Published: 2026-07-14 17:09 – Updated: 2026-07-17 21:33
    VLAI
    Title
    Microsoft SharePoint Server Spoofing Vulnerability
    Summary
    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55135",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T14:08:11.165075Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T14:10:30.389Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server Subscription Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20434",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                      "versionEndExcluding": "16.0.19725.20434",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:33:00.445Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft SharePoint Server Spoofing Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55135"
            }
          ],
          "title": "Microsoft SharePoint Server Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55135",
        "datePublished": "2026-07-14T17:09:07.524Z",
        "dateReserved": "2026-06-16T15:03:49.681Z",
        "dateUpdated": "2026-07-17T21:33:00.445Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55134 (GCVE-0-2026-55134)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Word Remote Code Execution Vulnerability
    Summary
    Stack-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Enterprise Server 2016 Affected: 16.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server 2019 Affected: 16.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server Subscription Edition Affected: 16.0.0 , < 16.0.19725.20434 (custom)
    Create a notification for this product.
    Microsoft Microsoft Word 2016 Affected: 16.0.1 , < 16.0.5561.1000 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55134",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T03:57:01.477674Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T11:04:14.894Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server Subscription Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20434",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Word 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1000",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                      "versionEndExcluding": "16.0.19725.20434",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:word_2016:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.5561.1000",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Stack-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:52.472Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Word Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55134"
            }
          ],
          "title": "Microsoft Word Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55134",
        "datePublished": "2026-07-14T17:08:59.548Z",
        "dateReserved": "2026-06-16T15:03:49.681Z",
        "dateUpdated": "2026-07-17T21:32:52.472Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55132 (GCVE-0-2026-55132)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Word Remote Code Execution Vulnerability
    Summary
    Double free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Enterprise Server 2016 Affected: 16.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server 2019 Affected: 16.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server Subscription Edition Affected: 16.0.0 , < 16.0.19725.20434 (custom)
    Create a notification for this product.
    Microsoft Microsoft Word 2016 Affected: 16.0.1 , < 16.0.5561.1000 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55132",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T03:57:02.056Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server Subscription Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20434",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Word 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1000",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                      "versionEndExcluding": "16.0.19725.20434",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:word_2016:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.5561.1000",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Double free in Microsoft Office Word allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-415",
                  "description": "CWE-415: Double Free",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:48.069Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Word Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55132"
            }
          ],
          "title": "Microsoft Word Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55132",
        "datePublished": "2026-07-14T17:08:55.152Z",
        "dateReserved": "2026-06-16T15:03:49.681Z",
        "dateUpdated": "2026-07-17T21:32:48.069Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55130 (GCVE-0-2026-55130)

    Vulnerability from nvd – Published: 2026-07-14 17:09 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Word Remote Code Execution Vulnerability
    Summary
    Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Enterprise Server 2016 Affected: 16.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server 2019 Affected: 16.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server Subscription Edition Affected: 16.0.0 , < 16.0.19725.20434 (custom)
    Create a notification for this product.
    Microsoft Microsoft Word 2016 Affected: 16.0.1 , < 16.0.5561.1000 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55130",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T19:05:07.438529Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T19:06:13.648Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server Subscription Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20434",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Word 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1000",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                      "versionEndExcluding": "16.0.19725.20434",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:word_2016:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.5561.1000",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:55.746Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Word Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55130"
            }
          ],
          "title": "Microsoft Word Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55130",
        "datePublished": "2026-07-14T17:09:02.968Z",
        "dateReserved": "2026-06-16T15:03:49.681Z",
        "dateUpdated": "2026-07-17T21:32:55.746Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55128 (GCVE-0-2026-55128)

    Vulnerability from nvd – Published: 2026-07-14 17:09 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Word Remote Code Execution Vulnerability
    Summary
    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Enterprise Server 2016 Affected: 16.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server 2019 Affected: 16.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server Subscription Edition Affected: 16.0.0 , < 16.0.19725.20434 (custom)
    Create a notification for this product.
    Microsoft Microsoft Word 2016 Affected: 16.0.1 , < 16.0.5561.1000 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55128",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T03:57:04.985731Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T11:03:59.784Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server Subscription Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20434",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Word 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1000",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                      "versionEndExcluding": "16.0.19725.20434",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:word_2016:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.5561.1000",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416: Use After Free",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:55.279Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Word Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55128"
            }
          ],
          "title": "Microsoft Word Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55128",
        "datePublished": "2026-07-14T17:09:02.323Z",
        "dateReserved": "2026-06-16T15:03:49.681Z",
        "dateUpdated": "2026-07-17T21:32:55.279Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55127 (GCVE-0-2026-55127)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Word Remote Code Execution Vulnerability
    Summary
    Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Enterprise Server 2016 Affected: 16.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server 2019 Affected: 16.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server Subscription Edition Affected: 16.0.0 , < 16.0.19725.20434 (custom)
    Create a notification for this product.
    Microsoft Microsoft Word 2016 Affected: 16.0.1 , < 16.0.5561.1000 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55127",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T03:57:03.557Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server Subscription Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20434",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Word 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1000",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:word_2016:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.5561.1000",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                      "versionEndExcluding": "16.0.19725.20434",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:38.540Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Word Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55127"
            }
          ],
          "title": "Microsoft Word Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55127",
        "datePublished": "2026-07-14T17:08:48.385Z",
        "dateReserved": "2026-06-16T15:03:49.681Z",
        "dateUpdated": "2026-07-17T21:32:38.540Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55126 (GCVE-0-2026-55126)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft SharePoint Server Spoofing Vulnerability
    Summary
    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55126",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T03:57:19.610Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server Subscription Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20434",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                      "versionEndExcluding": "16.0.19725.20434",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:51.464Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft SharePoint Server Spoofing Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55126"
            }
          ],
          "title": "Microsoft SharePoint Server Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55126",
        "datePublished": "2026-07-14T17:08:58.373Z",
        "dateReserved": "2026-06-16T15:03:49.680Z",
        "dateUpdated": "2026-07-17T21:32:51.464Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55125 (GCVE-0-2026-55125)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Office Remote Code Execution Vulnerability
    Summary
    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2016 Affected: 16.0.0 , < 16.0.5561.1000 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Enterprise Server 2016 Affected: 16.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server 2019 Affected: 16.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server Subscription Edition Affected: 16.0.0 , < 16.0.19725.20434 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55125",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T03:56:35.580780Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T11:09:12.586Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1000",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server Subscription Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20434",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                      "versionEndExcluding": "16.0.19725.20434",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1000",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:28.208Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Office Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55125"
            }
          ],
          "title": "Microsoft Office Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55125",
        "datePublished": "2026-07-14T17:08:38.525Z",
        "dateReserved": "2026-06-16T15:03:49.680Z",
        "dateUpdated": "2026-07-17T21:32:28.208Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55124 (GCVE-0-2026-55124)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Word Information Disclosure Vulnerability
    Summary
    Improper validation of specified type of input in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1287 - Improper Validation of Specified Type of Input
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Enterprise Server 2016 Affected: 16.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server 2019 Affected: 16.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server Subscription Edition Affected: 16.0.0 , < 16.0.19725.20434 (custom)
    Create a notification for this product.
    Microsoft Microsoft Word 2016 Affected: 16.0.1 , < 16.0.5561.1000 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55124",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T19:07:32.233924Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T19:08:30.186Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server Subscription Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20434",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Word 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1000",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                      "versionEndExcluding": "16.0.19725.20434",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:word_2016:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.5561.1000",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper validation of specified type of input in Microsoft Office Word allows an unauthorized attacker to disclose information locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1287",
                  "description": "CWE-1287: Improper Validation of Specified Type of Input",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:37.922Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Word Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55124"
            }
          ],
          "title": "Microsoft Word Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55124",
        "datePublished": "2026-07-14T17:08:47.741Z",
        "dateReserved": "2026-06-16T15:03:49.680Z",
        "dateUpdated": "2026-07-17T21:32:37.922Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55121 (GCVE-0-2026-55121)

    Vulnerability from nvd – Published: 2026-07-14 17:10 – Updated: 2026-07-17 21:34
    VLAI
    Title
    Microsoft Office Information Disclosure Vulnerability
    Summary
    Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2016 Affected: 16.0.0 , < 16.0.5561.1000 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Enterprise Server 2016 Affected: 16.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server 2019 Affected: 16.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server Subscription Edition Affected: 16.0.0 , < 16.0.19725.20434 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55121",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T17:46:06.794813Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T17:46:13.578Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1000",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server Subscription Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20434",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                      "versionEndExcluding": "16.0.19725.20434",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1000",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:34:16.128Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Office Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55121"
            }
          ],
          "title": "Microsoft Office Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55121",
        "datePublished": "2026-07-14T17:10:17.586Z",
        "dateReserved": "2026-06-16T15:03:49.680Z",
        "dateUpdated": "2026-07-17T21:34:16.128Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55055 (GCVE-0-2026-55055)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Word Remote Code Execution Vulnerability
    Summary
    Stack-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Enterprise Server 2016 Affected: 16.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server 2019 Affected: 16.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server Subscription Edition Affected: 16.0.0 , < 16.0.19725.20434 (custom)
    Create a notification for this product.
    Microsoft Microsoft Word 2016 Affected: 16.0.1 , < 16.0.5561.1000 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55055",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T03:57:05.771055Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T11:03:45.353Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server Subscription Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20434",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Word 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1000",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                      "versionEndExcluding": "16.0.19725.20434",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:word_2016:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.5561.1000",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Stack-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:45.597Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Word Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55055"
            }
          ],
          "title": "Microsoft Word Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55055",
        "datePublished": "2026-07-14T17:08:52.454Z",
        "dateReserved": "2026-06-16T14:13:49.836Z",
        "dateUpdated": "2026-07-17T21:32:45.597Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55052 (GCVE-0-2026-55052)

    Vulnerability from nvd – Published: 2026-07-14 17:09 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft SharePoint Elevation of Privilege Vulnerability
    Summary
    Missing authorization in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55052",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T03:57:24.373Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server Subscription Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20434",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                      "versionEndExcluding": "16.0.19725.20434",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Missing authorization in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:59.902Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft SharePoint Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55052"
            }
          ],
          "title": "Microsoft SharePoint Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55052",
        "datePublished": "2026-07-14T17:09:06.976Z",
        "dateReserved": "2026-06-16T14:13:49.836Z",
        "dateUpdated": "2026-07-17T21:32:59.902Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55051 (GCVE-0-2026-55051)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft SharePoint Server Information Disclosure Vulnerability
    Summary
    Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55051",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T19:15:59.362366Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T19:16:23.067Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server Subscription Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20434",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                      "versionEndExcluding": "16.0.19725.20434",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery (SSRF)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:51.929Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft SharePoint Server Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55051"
            }
          ],
          "title": "Microsoft SharePoint Server Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55051",
        "datePublished": "2026-07-14T17:08:58.921Z",
        "dateReserved": "2026-06-16T14:13:49.836Z",
        "dateUpdated": "2026-07-17T21:32:51.929Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55050 (GCVE-0-2026-55050)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Word Information Disclosure Vulnerability
    Summary
    Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Enterprise Server 2016 Affected: 16.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server 2019 Affected: 16.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server Subscription Edition Affected: 16.0.0 , < 16.0.19725.20434 (custom)
    Create a notification for this product.
    Microsoft Microsoft Word 2016 Affected: 16.0.1 , < 16.0.5561.1000 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55050",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T14:03:53.825147Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T14:06:52.530Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server Subscription Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20434",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Word 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1000",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                      "versionEndExcluding": "16.0.19725.20434",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:word_2016:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.5561.1000",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:34.510Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Word Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55050"
            }
          ],
          "title": "Microsoft Word Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55050",
        "datePublished": "2026-07-14T17:08:44.445Z",
        "dateReserved": "2026-06-16T14:13:49.836Z",
        "dateUpdated": "2026-07-17T21:32:34.510Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55047 (GCVE-0-2026-55047)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Office Information Disclosure Vulnerability
    Summary
    Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2016 Affected: 16.0.0 , < 16.0.5561.1000 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Enterprise Server 2016 Affected: 16.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server 2019 Affected: 16.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server Subscription Edition Affected: 16.0.0 , < 16.0.19725.20434 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55047",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T18:54:23.232100Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T18:54:28.553Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1000",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server Subscription Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20434",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                      "versionEndExcluding": "16.0.19725.20434",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1000",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:32.782Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Office Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55047"
            }
          ],
          "title": "Microsoft Office Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55047",
        "datePublished": "2026-07-14T17:08:42.792Z",
        "dateReserved": "2026-06-16T14:13:49.836Z",
        "dateUpdated": "2026-07-17T21:32:32.782Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55045 (GCVE-0-2026-55045)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Office Remote Code Execution Vulnerability
    Summary
    Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2016 Affected: 16.0.0 , < 16.0.5561.1000 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Enterprise Server 2016 Affected: 16.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server 2019 Affected: 16.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server Subscription Edition Affected: 16.0.0 , < 16.0.19725.20434 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55045",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T03:56:37.474Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1000",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server Subscription Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20434",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                      "versionEndExcluding": "16.0.19725.20434",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1000",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:33.965Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Office Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55045"
            }
          ],
          "title": "Microsoft Office Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55045",
        "datePublished": "2026-07-14T17:08:43.821Z",
        "dateReserved": "2026-06-16T14:13:49.836Z",
        "dateUpdated": "2026-07-17T21:32:33.965Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55040 (GCVE-0-2026-55040)

    Vulnerability from nvd – Published: 2026-07-14 17:09 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft SharePoint Server Security Feature Bypass Vulnerability
    Summary
    Weak authentication in Microsoft Office SharePoint allows an unauthorized attacker to bypass a security feature over a network.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55040",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T03:57:22.057Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server Subscription Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20434",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                      "versionEndExcluding": "16.0.19725.20434",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Weak authentication in Microsoft Office SharePoint allows an unauthorized attacker to bypass a security feature over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1390",
                  "description": "CWE-1390: Weak Authentication",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:53.583Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft SharePoint Server Security Feature Bypass Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55040"
            }
          ],
          "title": "Microsoft SharePoint Server Security Feature Bypass Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55040",
        "datePublished": "2026-07-14T17:09:00.641Z",
        "dateReserved": "2026-06-16T14:13:49.835Z",
        "dateUpdated": "2026-07-17T21:32:53.583Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55038 (GCVE-0-2026-55038)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Word Remote Code Execution Vulnerability
    Summary
    Stack-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Enterprise Server 2016 Affected: 16.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server 2019 Affected: 16.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server Subscription Edition Affected: 16.0.0 , < 16.0.19725.20434 (custom)
    Create a notification for this product.
    Microsoft Microsoft Word 2016 Affected: 16.0.1 , < 16.0.5561.1000 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55038",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T03:57:06.512505Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T11:03:31.702Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server Subscription Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20434",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Word 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1000",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                      "versionEndExcluding": "16.0.19725.20434",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:word_2016:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.5561.1000",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Stack-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:47.607Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Word Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55038"
            }
          ],
          "title": "Microsoft Word Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55038",
        "datePublished": "2026-07-14T17:08:54.676Z",
        "dateReserved": "2026-06-16T14:13:49.835Z",
        "dateUpdated": "2026-07-17T21:32:47.607Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55035 (GCVE-0-2026-55035)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Office Information Disclosure Vulnerability
    Summary
    Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2016 Affected: 16.0.0 , < 16.0.5561.1000 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Enterprise Server 2016 Affected: 16.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server 2019 Affected: 16.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server Subscription Edition Affected: 16.0.0 , < 16.0.19725.20434 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55035",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T18:51:41.947841Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T18:51:48.535Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1000",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server Subscription Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20434",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                      "versionEndExcluding": "16.0.19725.20434",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1000",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:44.001Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Office Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55035"
            }
          ],
          "title": "Microsoft Office Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55035",
        "datePublished": "2026-07-14T17:08:50.812Z",
        "dateReserved": "2026-06-16T14:13:49.835Z",
        "dateUpdated": "2026-07-17T21:32:44.001Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55034 (GCVE-0-2026-55034)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft SharePoint Server Spoofing Vulnerability
    Summary
    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55034",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T03:57:20.933812Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T11:00:16.279Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server Subscription Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20434",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                      "versionEndExcluding": "16.0.19725.20434",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:30.538Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft SharePoint Server Spoofing Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55034"
            }
          ],
          "title": "Microsoft SharePoint Server Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55034",
        "datePublished": "2026-07-14T17:08:40.594Z",
        "dateReserved": "2026-06-16T14:13:49.835Z",
        "dateUpdated": "2026-07-17T21:32:30.538Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55033 (GCVE-0-2026-55033)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Word Remote Code Execution Vulnerability
    Summary
    Integer overflow or wraparound in Microsoft Office Word allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Enterprise Server 2016 Affected: 16.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server 2019 Affected: 16.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server Subscription Edition Affected: 16.0.0 , < 16.0.19725.20434 (custom)
    Create a notification for this product.
    Microsoft Microsoft Word 2016 Affected: 16.0.1 , < 16.0.5561.1000 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55033",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T03:57:07.618Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server Subscription Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20434",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Word 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1000",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:word_2016:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.5561.1000",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                      "versionEndExcluding": "16.0.19725.20434",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Integer overflow or wraparound in Microsoft Office Word allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190: Integer Overflow or Wraparound",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:36.215Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Word Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55033"
            }
          ],
          "title": "Microsoft Word Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55033",
        "datePublished": "2026-07-14T17:08:46.146Z",
        "dateReserved": "2026-06-16T14:13:49.835Z",
        "dateUpdated": "2026-07-17T21:32:36.215Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55032 (GCVE-0-2026-55032)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Word Remote Code Execution Vulnerability
    Summary
    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Enterprise Server 2016 Affected: 16.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server 2019 Affected: 16.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server Subscription Edition Affected: 16.0.0 , < 16.0.19725.20434 (custom)
    Create a notification for this product.
    Microsoft Microsoft Word 2016 Affected: 16.0.1 , < 16.0.5561.1000 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55032",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T03:57:07.261596Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T11:03:18.503Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server Subscription Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20434",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Word 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1000",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                      "versionEndExcluding": "16.0.19725.20434",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:word_2016:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.5561.1000",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416: Use After Free",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:35.592Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Word Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55032"
            }
          ],
          "title": "Microsoft Word Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55032",
        "datePublished": "2026-07-14T17:08:45.598Z",
        "dateReserved": "2026-06-16T14:12:44.285Z",
        "dateUpdated": "2026-07-17T21:32:35.592Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55030 (GCVE-0-2026-55030)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft SharePoint Server Spoofing Vulnerability
    Summary
    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55030",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T18:11:41.418920Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T18:11:51.233Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server Subscription Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20434",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                      "versionEndExcluding": "16.0.19725.20434",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:27.669Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft SharePoint Server Spoofing Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55030"
            }
          ],
          "title": "Microsoft SharePoint Server Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55030",
        "datePublished": "2026-07-14T17:08:37.976Z",
        "dateReserved": "2026-06-16T14:12:44.285Z",
        "dateUpdated": "2026-07-17T21:32:27.669Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55028 (GCVE-0-2026-55028)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Office Information Disclosure Vulnerability
    Summary
    Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2016 Affected: 16.0.0 , < 16.0.5561.1000 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Enterprise Server 2016 Affected: 16.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server 2019 Affected: 16.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server Subscription Edition Affected: 16.0.0 , < 16.0.19725.20434 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55028",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T14:00:19.736539Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T14:00:27.385Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1000",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server Subscription Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20434",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                      "versionEndExcluding": "16.0.19725.20434",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1000",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:32.238Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Office Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55028"
            }
          ],
          "title": "Microsoft Office Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55028",
        "datePublished": "2026-07-14T17:08:42.241Z",
        "dateReserved": "2026-06-16T14:12:44.285Z",
        "dateUpdated": "2026-07-17T21:32:32.238Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55027 (GCVE-0-2026-55027)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Office Information Disclosure Vulnerability
    Summary
    Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2016 Affected: 16.0.0 , < 16.0.5561.1000 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Enterprise Server 2016 Affected: 16.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server 2019 Affected: 16.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server Subscription Edition Affected: 16.0.0 , < 16.0.19725.20434 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55027",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T19:17:04.446621Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T19:17:15.816Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1000",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server Subscription Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20434",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                      "versionEndExcluding": "16.0.19725.20434",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1000",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:31.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Office Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55027"
            }
          ],
          "title": "Microsoft Office Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55027",
        "datePublished": "2026-07-14T17:08:41.141Z",
        "dateReserved": "2026-06-16T14:12:44.285Z",
        "dateUpdated": "2026-07-17T21:32:31.000Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55026 (GCVE-0-2026-55026)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Office Information Disclosure Vulnerability
    Summary
    Integer overflow or wraparound in Microsoft Office allows an unauthorized attacker to disclose information locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2016 Affected: 16.0.0 , < 16.0.5561.1000 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Enterprise Server 2016 Affected: 16.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server 2019 Affected: 16.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server Subscription Edition Affected: 16.0.0 , < 16.0.19725.20434 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55026",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T14:02:27.369968Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T14:02:42.836Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1000",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server Subscription Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20434",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                      "versionEndExcluding": "16.0.19725.20434",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1000",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Integer overflow or wraparound in Microsoft Office allows an unauthorized attacker to disclose information locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190: Integer Overflow or Wraparound",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:29.301Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Office Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55026"
            }
          ],
          "title": "Microsoft Office Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55026",
        "datePublished": "2026-07-14T17:08:39.562Z",
        "dateReserved": "2026-06-16T14:12:44.285Z",
        "dateUpdated": "2026-07-17T21:32:29.301Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }