Microsoft
CVE-2026-26110
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
AnalysisAI
Local code execution in Microsoft Office and 365 Apps stems from a type confusion vulnerability in memory handling that allows unauthenticated attackers to execute arbitrary code with system privileges. The vulnerability affects Office Long Term Servicing Channel deployments and requires only local access with no user interaction to trigger. No patch is currently available, making this a critical risk for organizations running affected Office versions.
Technical ContextAI
This vulnerability (CWE-843: Access of Resource Using Incompatible Type (Type Confusion)) Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
RemediationAI
Monitor vendor advisories for a patch.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today