Skip to main content
CVE-2026-58635 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Narrator (the built-in screen reader) arises from improper neutralization of special elements in its Braille support component, allowing an already-authenticated local attacker (PR:L) to inject and execute OS commands that run with elevated privileges. All supported Windows client and server builds from Windows 10 1809 through Windows 11 26H1 and Windows Server 2019-2025 are affected, and Microsoft has released a patch. There is no public exploit identified at time of analysis and the CVE is not in CISA KEV, so exploitation is not confirmed as active.

Microsoft Command Injection Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2026-58542 HIGH PATCH NEWS This Week

Local code execution in Windows Media on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 lets an attacker run arbitrary code by luring a user into opening a maliciously crafted media file. The CVSS 3.1 base score is 7.8 with full confidentiality, integrity, and availability impact but requiring user interaction, and there is no public exploit identified at time of analysis. Microsoft has released a patch via MSRC.

Heap Overflow Buffer Overflow Microsoft Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-54124 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows Terminal (shipped on Windows 10 21H2/22H2, Windows 11 24H2/25H2/26H1, and Windows Server 2022/2025) arises from an integer overflow (CWE-190) that an unauthorized attacker can trigger, but only after luring a logged-on user into interacting with malicious content. There is no public exploit identified at time of analysis and the flaw is not in CISA KEV, so this is a defense-in-depth patch rather than an emergency, though the CVSS 7.8 reflects full confidentiality, integrity, and availability impact once triggered. Microsoft has released a patch via the MSRC update guide.

Buffer Overflow Microsoft Integer Overflow Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-50313 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows NTFS driver (heap-based buffer overflow, CWE-122) allows an attacker to run arbitrary code with the privileges of the exploited context. The flaw affects a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. CVSS 7.8 with high confidentiality, integrity, and availability impact; exploitation requires local access and user interaction, and there is no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-50454 HIGH PATCH Exploit Likely This Week

Local privilege escalation in Windows User Interface Core (UI Core) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a relative path traversal flaw lets an already-authenticated low-privileged user escalate to higher privileges on the local machine. The CVSS 3.1 score of 7.8 reflects full confidentiality, integrity, and availability impact once triggered, though attack requires local access and existing low-level privileges. Reported by Microsoft with a patch available; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Microsoft Path Traversal Windows 11 Version 24H2 Windows 11 Version 25H2 Windows 11 Version 26H1 +2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-55031 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office Excel (spanning Excel 2016, Office 2019, Office LTSC 2021/2024, Microsoft 365 Apps for Enterprise, the macOS builds, and Office Online Server) arises from an out-of-bounds read (CWE-125) that an attacker triggers by convincing a user to open a maliciously crafted workbook. The CVSS 3.1 base score is 7.8 with high confidentiality, integrity, and availability impact, but exploitation requires user interaction (opening the file) and no active exploitation or public proof-of-concept has been reported. There is no public exploit identified at time of analysis; Microsoft has released a patch via its Security Update Guide.

Buffer Overflow Microsoft Information Disclosure Microsoft 365 Apps For Enterprise Microsoft Excel 2016 +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-55024 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Excel (Office 2016 through LTSC 2024, Microsoft 365 Apps, and Mac editions) allows an attacker to run arbitrary code by tricking a user into opening a maliciously crafted spreadsheet that triggers a type-confusion condition in Excel's file parser. The CVSS 3.1 score is 7.8 (High) with the local vector reflecting file-open exploitation rather than remote-network access, and success requires user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Microsoft Memory Corruption Authentication Bypass Microsoft 365 Apps For Enterprise Microsoft Excel 2016 +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-47642 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office Excel (across Microsoft 365 Apps for Enterprise, Office 2019, Office LTSC 2021/2024, and their macOS equivalents) arises from a use-after-free (CWE-416) memory-corruption flaw triggered when a user opens a maliciously crafted spreadsheet. The CVSS vector (AV:L/AC:L/PR:N/UI:R) indicates an unauthenticated attacker can achieve full confidentiality, integrity, and availability impact but requires the victim to open a file, making it a classic phishing-delivered client-side bug. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, though Excel memory-corruption bugs are historically attractive targets.

Use After Free Memory Corruption Denial Of Service Microsoft Microsoft 365 Apps For Enterprise +7
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-49796 HIGH PATCH NEWS Exploit Unlikely This Week

Local code execution in Windows GDI+ (the Graphics Device Interface Plus rendering component) affects a broad range of Microsoft Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. An attacker who convinces a user to open or preview a specially crafted image or document triggers a heap-based buffer overflow (CWE-122) during graphics parsing, yielding arbitrary code execution in the context of the current user. The CVSS 3.1 base score is 7.8 (AV:L/AC:L/PR:N/UI:R); there is no public exploit identified at time of analysis and it is not listed in CISA KEV, but GDI+ image-parsing flaws are historically attractive to attackers.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-57091 HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows File History Service lets an authenticated, low-privileged attacker corrupt a stack buffer (CWE-121) to run code with elevated (SYSTEM-level) privileges on affected Windows client and server releases. The flaw spans a broad range of supported editions from Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through 2025, including Server Core installations. No public exploit was identified at time of analysis, and the CVE is not listed in CISA KEV.

Buffer Overflow Stack Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-50308 HIGH PATCH This Week

Local code execution in the Microsoft Windows NTFS file-system driver lets an attacker run arbitrary code by inducing a victim to interact with a specially crafted NTFS artifact (e.g., a malicious volume, VHD, or file). The flaw stems from an integer underflow (CWE-191) and spans a broad range of Windows client and server builds from Windows Server 2012 through Windows Server 2025 and Windows 10/11. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Authentication Bypass Microsoft Integer Overflow Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-49797 HIGH PATCH Exploit Unlikely This Week

Local code execution in the Windows NTFS driver (CVE-2026-49797) allows an attacker with local access to run arbitrary code by tricking a user into interacting with a maliciously crafted NTFS artifact, exploiting a heap-based buffer overflow (CWE-122). The flaw affects a broad range of Windows client and server releases from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. Microsoft has released a patch; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-58547 HIGH PATCH Exploit Unlikely This Week

Heap-based buffer overflow in Universal Plug and Play (upnp.dll) allows an authorized attacker to elevate privileges locally.

Heap Overflow Buffer Overflow Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-50327 HIGH PATCH NEWS Exploit Likely This Week

Local code execution in the Windows Media component of Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an authenticated local attacker to run arbitrary code by triggering a heap-based buffer overflow. Successful exploitation yields high confidentiality, integrity, and availability impact within the current security context, and Microsoft has released a patch. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-55140 HIGH PATCH NEWS Exploit Unlikely This Week

Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, 365 Apps for Enterprise, and Office for Mac) arises from a heap-based buffer overflow (CWE-122) that an attacker triggers by getting a victim to open a maliciously crafted Office document. Rated CVSS 7.8 with high impact to confidentiality, integrity, and availability, exploitation requires user interaction but no prior authentication or privileges. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV, but Microsoft has released a patch via the MSRC update guide.

Heap Overflow Buffer Overflow Microsoft Microsoft 365 Apps For Enterprise Microsoft Office 2016 +6
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-55056 HIGH PATCH NEWS Exploit Unlikely This Week

Local code execution in Microsoft Office (Microsoft 365 Apps, Office 2016/2019, LTSC 2021/2024, and Office for Mac) arises from a heap-based buffer overflow (CWE-122) that an attacker triggers by convincing a user to open a maliciously crafted document. The CVSS 3.1 score is 7.8 (AV:L/AC:L/PR:N/UI:R) with high impact to confidentiality, integrity, and availability, meaning code runs in the context of the current user. No public exploit identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available via MSRC.

Heap Overflow Buffer Overflow Microsoft Microsoft 365 Apps For Enterprise Microsoft Office 2016 +6
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-55129 HIGH PATCH NEWS Exploit Unlikely This Week

Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and Office for Mac) arises from a heap-based buffer overflow (CWE-122) triggered when a user opens a maliciously crafted document. Rated CVSS 7.8 (AV:L/UI:R), an attacker who convinces a victim to open a weaponized file can run arbitrary code in the context of the current user. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Microsoft 365 Apps For Enterprise Microsoft Office 2016 +6
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-55049 HIGH PATCH NEWS Exploit Unlikely This Week

Local arbitrary code execution in Microsoft Office (Microsoft 365 Apps for Enterprise, Office 2016/2019, Office LTSC 2021/2024, and their macOS equivalents) arises from a heap-based buffer overflow (CWE-122) that an attacker triggers by convincing a user to open a maliciously crafted Office document. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) shows the flaw requires user interaction but no prior privileges, yielding full high-impact compromise of confidentiality, integrity, and availability in the user's context. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, so exploitation status is not currently confirmed.

Heap Overflow Buffer Overflow Microsoft Microsoft 365 Apps For Enterprise Microsoft Office 2016 +6
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-55133 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office OneNote (Microsoft 365 Apps for Enterprise and Office for Mac editions) arises from a heap-based buffer overflow (CWE-122) that lets an attacker run arbitrary code in the context of the current user when a victim opens a maliciously crafted OneNote file. The CVSS 3.1 score is 7.8 with a local attack vector requiring user interaction (AV:L/UI:R), and impact is total across confidentiality, integrity, and availability. There is no public exploit identified at time of analysis, and CISA SSVC lists exploitation status as none.

Heap Overflow Buffer Overflow Microsoft Microsoft 365 Apps For Enterprise Microsoft Office 365 For Mac +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50675 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Excel (including Microsoft 365 Apps, Office 2016/2019, Office LTSC 2021/2024, and Office for Mac) arises from a heap-based buffer overflow (CWE-122) triggered when a victim opens a maliciously crafted spreadsheet, letting an attacker run arbitrary code in the user's context. The CVSS 3.1 score is 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), reflecting that exploitation needs user interaction but no prior privileges once the file is opened. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; Microsoft has released a patch.

Heap Overflow Buffer Overflow Microsoft Microsoft 365 Apps For Enterprise Microsoft Excel 2016 +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-58609 HIGH PATCH This Week

Local code execution in the Microsoft Graphics Component affects a broad range of supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through Server 2025). An attacker who convinces a user to open a specially crafted file or content triggers an out-of-bounds read (CWE-125) that Microsoft rates as enabling code execution with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; exploitation requires local access plus user interaction, making it a standard patch-cycle priority rather than an emergency.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-58537 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft's NAT Helper Components (ipnathlp.dll), the driver behind Internet Connection Sharing and NAT translation on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025. An authenticated attacker who already has low-privilege access can exploit a use-after-free memory corruption bug to run code at higher privilege (SYSTEM). No public exploit identified at time of analysis, and it is not listed in CISA KEV, but Microsoft has released a patch.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-58532 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel allows an authenticated attacker to elevate to SYSTEM by triggering an integer overflow (CWE-190) in a kernel code path. The flaw affects a broad range of supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through Server 2025). Reported by Microsoft with a vendor patch available; no public exploit identified at time of analysis and no EPSS or KEV data supplied.

Buffer Overflow Microsoft Integer Overflow Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-56644 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel allows an authenticated attacker to elevate to SYSTEM by exploiting a use-after-free (CWE-416) memory corruption condition, spanning Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2016 through 2025. Reported by Microsoft with a CVSS 3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N), the flaw grants full confidentiality, integrity, and availability impact on the local system. No public exploit identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +13
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-56643 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel (CWE-416 use-after-free) lets an already-authenticated low-privilege user corrupt kernel memory and gain SYSTEM-level control across a broad range of Windows 10, Windows 11, and Windows Server 2016 through 2025 builds. Microsoft self-reported the flaw and has shipped a patch through the Update Guide; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. With CVSS 7.8 (AV:L/PR:L) it is a classic Patch-Tuesday local EoP suitable as a second-stage primitive after initial access.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +13
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50479 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows USB Hub Driver allows an authenticated low-privileged user to elevate to SYSTEM by triggering an untrusted pointer dereference (CWE-822), affecting Windows 10 (1809/21H2/22H2) and Windows Server 2019 through 2025. Successful exploitation yields full confidentiality, integrity, and availability impact on the local host. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV, but Microsoft has released a patch.

Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +5
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50478 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel lets an authenticated attacker who already has low-privileged code execution on a host elevate to SYSTEM by exploiting a use-after-free (CWE-416) memory corruption. It affects a broad range of supported Windows client and server builds - Windows 10 (1809/21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2019/2022/2025 - and Microsoft has released a patch. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, so exploitation appears unproven publicly despite the reliably-exploitable nature of kernel UAF flaws.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50421 HIGH PATCH This Week

Local privilege escalation in the Windows Connected User Experiences and Telemetry service (DiagTrack) lets an already-authenticated user run arbitrary code with SYSTEM-level rights by triggering a CWE-843 type-confusion condition. The flaw affects a broad range of currently-supported Windows client and server builds, from Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Memory Corruption Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50315 HIGH PATCH This Week

Local privilege escalation in Windows Image Acquisition (WIA) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a NULL pointer dereference can be leveraged by an already-authenticated local user to elevate privileges. Microsoft rates it 7.8 (High) with full confidentiality, integrity, and availability impact despite the flaw class typically causing denial of service. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Microsoft Denial Of Service Null Pointer Dereference Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50326 HIGH PATCH This Week

Local privilege escalation in the Windows Unified Consent System (UCS) lets an already-authenticated attacker exploit a use-after-free memory-corruption flaw (CWE-416) to gain higher privileges, potentially up to SYSTEM. It affects a broad range of current Windows client and server builds including Windows 10 21H2/22H2, Windows 11 24H2/25H2/26H1, and Windows Server 2025. Reported by Microsoft with a CVSS 3.1 base score of 7.8; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 21H2 +6
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-54131 HIGH PATCH Exploit Unlikely This Week

Arbitrary code execution in Microsoft Office Excel arises from a use-after-free (CWE-416) memory-corruption flaw affecting Microsoft 365 Apps for Enterprise, Office 2019, Office LTSC 2021/2024, Office for Mac, and Office Online Server. The CVSS 3.1 vector (AV:L/UI:R) makes this a user-interaction-dependent, locally-scoped issue: a victim must open a maliciously crafted Excel workbook, after which the attacker gains code execution in the user's security context. No public exploit is identified at time of analysis and it is not listed in CISA KEV, but a vendor patch is available.

Use After Free Memory Corruption Denial Of Service Microsoft Microsoft 365 Apps For Enterprise +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-55131 HIGH PATCH Exploit Unlikely This Week

Arbitrary code execution in Microsoft Office Excel arises from a heap-based buffer overflow (CWE-122) that an attacker triggers when a victim opens a maliciously crafted spreadsheet, running code in the security context of the current user. The flaw spans a broad Office footprint including Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024, the macOS Office editions, and Office Online Server. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; the CVSS 7.8 rating reflects high impact gated by required user interaction.

Heap Overflow Buffer Overflow Microsoft Microsoft 365 Apps For Enterprise Microsoft Excel 2016 +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-55053 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Excel arises from a heap-based buffer overflow (CWE-122) that an attacker triggers by luring a victim into opening a maliciously crafted spreadsheet, yielding attacker code in the user's security context. It affects a broad Office family including Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024, the macOS editions, and Office Online Server. The CVSS 3.1 base score is 7.8 and the vector requires user interaction (UI:R); there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Microsoft 365 Apps For Enterprise Microsoft Excel 2016 +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-55058 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office Excel (Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, Office for Mac, Office Online Server) arises from an out-of-bounds read (CWE-125) that an attacker weaponizes by luring a victim into opening a crafted spreadsheet, yielding code execution in the user's security context. The flaw carries a CVSS 7.8 (AV:L/AC:L/PR:N/UI:R) and requires no privileges but does require user interaction. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure Microsoft 365 Apps For Enterprise Microsoft Excel 2016 +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-55037 HIGH PATCH Exploit Unlikely This Week

Arbitrary code execution in Microsoft Excel (spanning Microsoft 365 Apps, Office 2016/2019, Office LTSC 2021/2024, Office for Mac, and Office Online Server) allows an unauthorized attacker to run code in the victim's context by tricking them into opening a maliciously crafted spreadsheet. The flaw is a heap-based buffer overflow (CWE-122) that executes with the local user's privileges once the file is opened. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Microsoft 365 Apps For Enterprise Microsoft Excel 2016 +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-55044 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Excel (Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, Office for Mac, and Office Online Server) arises from an out-of-bounds read (CWE-125) triggered when a victim opens a maliciously crafted spreadsheet. CVSS 7.8 with high impact to confidentiality, integrity, and availability; no public exploit identified at time of analysis. Exploitation requires user interaction (opening the file) but no prior authentication or privileges on the target beyond the ability to induce the user to open the document.

Buffer Overflow Microsoft Information Disclosure Microsoft 365 Apps For Enterprise Microsoft Excel 2016 +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-55036 HIGH PATCH Exploit Unlikely This Week

Local arbitrary code execution in Microsoft Excel arises from a buffer over-read (CWE-126) triggered when a victim opens a maliciously crafted spreadsheet, letting an attacker run code in the context of the current user. The flaw spans Office 2016/2019, Microsoft 365 Apps, Office LTSC 2021/2024 (Windows and Mac) and Office Online Server; a vendor patch is available via MSRC. No public exploit has been identified at time of analysis, and the CVSS 7.8 (AV:L/UI:R) rating reflects that user interaction is required.

Buffer Overflow Microsoft Microsoft 365 Apps For Enterprise Microsoft Excel 2016 Microsoft Office 2019 +6
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-55041 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Excel (and the broader Office family including Microsoft 365 Apps for Enterprise, Office 2019/2021/2024 LTSC, Office for Mac, and Office Online Server) stems from a heap-based buffer overflow that triggers when a user opens a maliciously crafted spreadsheet. The CVSS vector (AV:L/AC:L/PR:N/UI:R) indicates an unauthenticated attacker gains full code execution in the victim's context but only after the target opens the file. No public exploit identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available from Microsoft (MSRC CVE-2026-55041).

Heap Overflow Buffer Overflow Microsoft Microsoft 365 Apps For Enterprise Microsoft Excel 2016 +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-55039 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Excel (and the broader Office suite through Microsoft 365 Apps, Office 2019/2021/2024 LTSC, Office for Mac, and Office Online Server) arises from an integer underflow (CWE-191) in Excel's file parsing, letting an attacker run arbitrary code in the context of the user who opens a maliciously crafted spreadsheet. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) shows no attacker privileges are needed but the victim must open the file, giving full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available.

Authentication Bypass Microsoft Integer Overflow Microsoft 365 Apps For Enterprise Microsoft Excel 2016 +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-55029 HIGH PATCH Exploit Unlikely This Week

Arbitrary code execution in Microsoft Excel (across Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, Office for Mac, and Office Online Server) arises from a heap-based buffer overflow (CWE-122) that triggers when a victim opens a maliciously crafted spreadsheet. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) confirms this is a local, user-interaction-dependent file-format attack rather than a remote network exploit, yielding code execution in the context of the current user. No public exploit has been identified at time of analysis, and the CVE is not listed in CISA KEV; a Microsoft patch is available.

Heap Overflow Buffer Overflow Microsoft Microsoft 365 Apps For Enterprise Microsoft Excel 2016 +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-55048 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Excel (spanning Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024, the macOS Office builds, and Office Online Server) arises from an integer overflow (CWE-190) triggered when the application parses a maliciously crafted spreadsheet. An unauthorized attacker who convinces a victim to open a booby-trapped file can run arbitrary code in the context of the current user, with full confidentiality, integrity, and availability impact per the 7.8 CVSS vector. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Buffer Overflow Microsoft Integer Overflow Microsoft 365 Apps For Enterprise Microsoft Excel 2016 +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-55025 HIGH PATCH This Week

Local code execution in Microsoft Excel (Microsoft 365 Apps, Office 2019/LTSC 2021/2024, Office for Mac, and Office Online Server) arises from a type-confusion flaw (CWE-843) in how Excel parses spreadsheet content. An attacker who convinces a victim to open a malicious workbook can run arbitrary code in the context of the current user, gaining high confidentiality, integrity, and availability impact. Reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Microsoft Memory Corruption Authentication Bypass Microsoft 365 Apps For Enterprise Microsoft Excel 2016 +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50312 HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-55948 HIGH PATCH This Week

Local code execution in Microsoft Excel (2016, Office 2019, Office LTSC 2021/2024, Microsoft 365 Apps, Office for Mac, and Office Online Server) arises from a use-after-free memory corruption (CWE-416) that an attacker triggers when a victim opens a maliciously crafted spreadsheet. Exploitation runs code in the context of the current user and requires user interaction (opening the file), with no public exploit identified at time of analysis. This is a locally-exploited, phishing-delivered class of bug typical of Office file-format handlers, patched by Microsoft via MSRC.

Use After Free Memory Corruption Denial Of Service Microsoft Microsoft 365 Apps For Enterprise +8
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-55899 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Excel (and the broader Office family through Microsoft 365 Apps, Office 2019/2021/2024 LTSC, Office for Mac, and Office Online Server) arises from a stack-based buffer overflow (CWE-121) triggered when a user opens a maliciously crafted spreadsheet. An attacker who convinces a victim to open the file runs arbitrary code in the security context of the current user, with high impact to confidentiality, integrity, and availability. There is no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV; Microsoft has released a patch.

Buffer Overflow Stack Overflow Microsoft Microsoft 365 Apps For Enterprise Microsoft Excel 2016 +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-48269 HIGH This Week

Arbitrary code execution in Adobe Premiere Pro is possible via a heap-based buffer overflow (CWE-122) triggered when a victim opens a maliciously crafted project or media file, running attacker code in the context of the current user. The flaw is local and requires user interaction, with no public exploit identified at time of analysis; Adobe self-reported it in advisory APSB26-76. CVSS 7.8 reflects high confidentiality, integrity, and availability impact but a local attack vector gated by the user opening a malicious file.

Heap Overflow Buffer Overflow RCE Premiere
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-47971 HIGH This Week

Arbitrary code execution in Adobe Media Encoder arises from a stack-based buffer overflow (CWE-121) triggered when a victim opens a maliciously crafted media file, allowing an attacker to run code in the context of the current user. The CVSS 3.1 base score is 7.8 (local vector, user interaction required, no privileges needed). There is no public exploit identified at time of analysis and it is not listed in CISA KEV, so risk is file-delivery-driven rather than remotely wormable.

Buffer Overflow Stack Overflow RCE Adobe Media Encoder
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-58634 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows 11 (version 26H1) Desktop Window Manager (DWM) allows an authenticated low-privileged user to gain SYSTEM-level control by exploiting a use-after-free (CWE-416) memory-corruption flaw. Reported by Microsoft and carrying a CVSS 3.1 score of 7.8, the flaw grants full confidentiality, integrity, and availability impact once triggered locally. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV, but DWM EoP bugs are a historically favored post-compromise primitive.

Use After Free Memory Corruption Denial Of Service Windows 11 Version 26H1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-58632 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Win32K kernel-mode subsystem allows an authenticated attacker to elevate to SYSTEM by exploiting a use-after-free (CWE-416) memory-corruption condition. The flaw affects a broad range of supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025). Reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +13
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-58613 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Cloud Files Mini Filter Driver (cldflt.sys) lets an authenticated low-privileged user corrupt kernel memory to gain SYSTEM-level control. The flaw is a use-after-free (CWE-416) affecting a broad range of Windows client and server builds from Windows 10 1809 through Windows 11 26H1 and Windows Server 2019-2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
7.8
EPSS
0.3%
Prev Page 7 of 20 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy