Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
File-borne local vector needing victim to open a document (AV:L/UI:R, PR:N); OOB read yields high confidentiality but at most a crash, so A:L and I:N.
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
AnalysisAI
Information disclosure in Microsoft Office (Microsoft 365 Apps, Office 2016/2019, Office LTSC 2021/2024, and Office for Mac) via an out-of-bounds read (CWE-125) lets an attacker leak sensitive memory contents when a victim opens a maliciously crafted document. The CVSS 3.1 base score is 7.1 (AV:L/AC:L/PR:N/UI:R), reflecting local exploitation that requires user interaction but no prior authentication. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a victim to open an attacker-crafted document in an affected Office application (UI:R user interaction is mandatory) - there is no remote unauthenticated network path and no prior authentication is needed (PR:N). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS vector (AV:L/AC:L/PR:N/UI:R/S:U) describes a local, low-complexity vulnerability that needs no privileges but does require user interaction - the realistic delivery being a victim opening a malicious document, so the 'local' vector is effectively file-borne rather than requiring shell access. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker emails a victim a specially crafted Office document that triggers the out-of-bounds read when opened in a vulnerable Office build. Because the CVSS vector requires user interaction (UI:R) and no privileges (PR:N), the attacker relies on social engineering to get the file opened, after which sensitive process memory may be leaked back to the attacker or cause the application to crash. … |
| Remediation | Patch available per vendor advisory: apply the Microsoft security update for CVE-2026-56193 as documented at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56193, which covers Microsoft 365 Apps, Office 2016/2019, Office LTSC 2021/2024, and the corresponding Office for Mac builds; the exact fixed build numbers are enumerated in that advisory and should be applied via your normal Windows/Microsoft AutoUpdate channel. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, audit your Office deployment inventory to identify affected versions (Microsoft 365 Apps, Office 2016/2019, Office LTSC 2021/2024, Office for Mac) and prioritize high-risk departments (Finance, Legal, Executive roles). …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Local code execution in Microsoft Word (and Office/SharePoint components that render Word content) stems from an integer
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps, and the macOS editions) arises
Arbitrary code execution in Microsoft Office Word (and the broader Office/365/SharePoint family) arises from a stack-bas
Local code execution in Microsoft Office (including Microsoft 365 Apps for Enterprise, Office 2016/2019, and Office LTSC
Local code execution in Microsoft Word (part of Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, and Office for M
Local arbitrary code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and O
Arbitrary code execution in Microsoft PowerPoint (and the broader Microsoft Office/365 suite on Windows and macOS) arise
Local code execution in Microsoft Office PowerPoint (including Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, a
Local code execution in Microsoft Office PowerPoint (CWE-122 heap-based buffer overflow) lets an unauthorized attacker r
Local code execution in Microsoft Word (and the wider Microsoft Office / Microsoft 365 Apps family) lets an unauthorized
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and Office for
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps, and Office for Mac 2021/2024)
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43756
GHSA-ch74-4vwm-9897