Microsoft
CVE-2026-26134
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally.
AnalysisAI
Microsoft Office is vulnerable to an integer overflow that allows authenticated local users to escalate their privileges and gain full system control. An attacker with valid credentials can exploit this numeric calculation flaw to execute arbitrary code with elevated permissions. No patch is currently available for this vulnerability.
Technical ContextAI
Classified as CWE-190 (Integer Overflow or Wraparound). Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally.
RemediationAI
Monitor vendor advisories for a patch.
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Integer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today