Skip to main content

Office Deployment Tool CVE-2026-20943

HIGH
Untrusted Search Path (CWE-426)
2026-01-13 secure@microsoft.com
7.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.0 HIGH
AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
ENISA EUVD
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 13, 2026 - 18:16 nvd
HIGH 7.0

DescriptionCVE.org

Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.

AnalysisAI

Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally. [CVSS 7.0 HIGH]

Technical ContextAI

Classified as CWE-426 (Untrusted Search Path). Affects Office. Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.

RemediationAI

Monitor vendor advisories for a patch.

Share

CVE-2026-20943 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy