Skip to main content

Microsoft Word 2016

12 CVEs product

Monthly

CVE-2026-55130 HIGH PATCH This Week

Local code execution in Microsoft Word (Office 2016/2019, Microsoft 365 Apps, Office LTSC 2021/2024) arises from a heap-based buffer overflow triggered when a victim opens a maliciously crafted document. An attacker who convinces a user to open a booby-trapped file can run arbitrary code in that user's context, achieving full compromise of confidentiality, integrity, and availability on the host. No public exploit identified at time of analysis and the flaw is not listed in CISA KEV, though a vendor patch is available per Microsoft's MSRC advisory.

Heap Overflow Buffer Overflow Microsoft Microsoft 365 Apps For Enterprise Microsoft Office 2019 +6
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-55128 HIGH PATCH This Week

Local code execution in Microsoft Office Word (CWE-416 use-after-free) allows an unauthorized attacker to run arbitrary code in the context of the current user when a victim opens a maliciously crafted document. The flaw affects a broad Office footprint including Microsoft 365 Apps for Enterprise, Office 2019, Office LTSC 2021/2024 (Windows and Mac), and related SharePoint Server products that process Word documents. Microsoft has released a patch; no public exploit has been identified at time of analysis, and neither KEV nor EPSS/POC signals were provided in the input.

Use After Free Memory Corruption Denial Of Service Microsoft Microsoft 365 Apps For Enterprise +10
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-55142 MEDIUM PATCH Exploit Unlikely This Month

Numeric truncation error in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Microsoft 365 Apps For Enterprise Microsoft Office 2019 Microsoft Office 365 For Mac +6
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-55134 HIGH PATCH This Week

Local code execution in Microsoft Office Word (Microsoft 365 Apps, Office 2019/LTSC 2021/2024, Word 2016, and the macOS builds) arises from a stack-based buffer overflow triggered when a victim opens a maliciously crafted document. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) shows an unauthenticated attacker needs no privileges but does require user interaction, and successful exploitation yields full confidentiality, integrity, and availability impact in the user's security context. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a patch.

Buffer Overflow Stack Overflow Microsoft Microsoft 365 Apps For Enterprise Microsoft Office 2019 +9
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-55132 HIGH PATCH NEWS Exploit Unlikely This Week

Local code execution in Microsoft Word (part of Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, and Office for Mac) stems from a double free of heap memory (CWE-415) that lets an unauthorized attacker run arbitrary code when a victim opens a malicious document. The flaw was reported by Microsoft, carries CVSS 7.8, and a vendor patch is available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Because exploitation requires the target to open a crafted file (UI:R), it is a user-interaction-gated client-side RCE rather than a remotely-triggerable service bug.

Authentication Bypass Microsoft Microsoft 365 Apps For Enterprise Microsoft Office 2019 Microsoft Office 365 For Mac +8
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-55038 HIGH PATCH This Week

Arbitrary code execution in Microsoft Office Word (and the broader Office/365/SharePoint family) arises from a stack-based buffer overflow (CWE-121) that an attacker triggers when a victim opens a maliciously crafted document. The CVSS 3.1 vector (AV:L/UI:R) confirms this is a file-borne, local-context flaw requiring the user to open attacker-supplied content, yielding full confidentiality, integrity, and availability impact in the user's session. No public exploit identified at time of analysis, and it is not listed in CISA KEV; Microsoft has released a patch via MSRC.

Buffer Overflow Stack Overflow Microsoft Microsoft 365 Apps For Enterprise Microsoft Office 2019 +9
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-55055 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office Word (via a stack-based buffer overflow, CWE-121) lets an attacker run arbitrary code in the context of the user who opens a maliciously crafted document. The flaw affects Microsoft 365 Apps for Enterprise, Office 2019, Office LTSC 2021/2024 (including Mac editions), and the Word component shared with SharePoint Server 2016/2019/Subscription Edition. No public exploit identified at time of analysis, and it is not listed in CISA KEV; exploitation requires the victim to open the attacker's file (UI:R).

Buffer Overflow Stack Overflow Microsoft Microsoft 365 Apps For Enterprise Microsoft Office 2019 +9
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-55127 HIGH PATCH NEWS Exploit Unlikely This Week

Local code execution in Microsoft Word (and the wider Microsoft Office / Microsoft 365 Apps family) lets an unauthorized attacker run arbitrary code when a victim opens a maliciously crafted Word document that triggers a heap-based buffer overflow. All impacted SKUs - Microsoft 365 Apps for Enterprise, Office 2019, Office LTSC 2021/2024, the macOS Office builds, and SharePoint Server (which renders Office documents server-side) - are affected, and Microsoft has released a patch. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Microsoft 365 Apps For Enterprise Microsoft Office 2019 +9
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-55124 MEDIUM PATCH Exploit Unlikely This Month

Improper validation of specified type of input in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Microsoft 365 Apps For Enterprise Microsoft Office 2019 Microsoft Office 365 For Mac +8
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-55033 HIGH PATCH NEWS Exploit Unlikely This Week

Local code execution in Microsoft Word (and Office/SharePoint components that render Word content) stems from an integer overflow in the file-parsing path, letting an attacker who convinces a victim to open a crafted document run arbitrary code with the victim's privileges. It affects a broad Office footprint including Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, the macOS editions, and SharePoint Server 2016/2019/Subscription Edition. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the 7.8 CVSS and Word's ubiquity make it a routine priority patch.

Buffer Overflow Microsoft Integer Overflow Microsoft 365 Apps For Enterprise Microsoft Office 2019 +9
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2026-55032 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office Word (across Microsoft 365 Apps, Office 2019/LTSC 2021/2024, Office for Mac, and Word 2016) allows an attacker to run arbitrary code by exploiting a use-after-free memory corruption flaw when a victim opens a maliciously crafted document. The CVSS 3.1 base score is 7.8 with a local attack vector requiring user interaction; there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV. Microsoft, which reported the issue itself, has released a patch.

Use After Free Memory Corruption Denial Of Service Microsoft Microsoft 365 Apps For Enterprise +10
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-55050 MEDIUM PATCH This Month

Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure Microsoft 365 Apps For Enterprise Microsoft Office 2019 +9
NVD
CVSS 3.1
5.5
EPSS
0.4%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Microsoft Word (Office 2016/2019, Microsoft 365 Apps, Office LTSC 2021/2024) arises from a heap-based buffer overflow triggered when a victim opens a maliciously crafted document. An attacker who convinces a user to open a booby-trapped file can run arbitrary code in that user's context, achieving full compromise of confidentiality, integrity, and availability on the host. No public exploit identified at time of analysis and the flaw is not listed in CISA KEV, though a vendor patch is available per Microsoft's MSRC advisory.

Heap Overflow Buffer Overflow Microsoft +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Microsoft Office Word (CWE-416 use-after-free) allows an unauthorized attacker to run arbitrary code in the context of the current user when a victim opens a maliciously crafted document. The flaw affects a broad Office footprint including Microsoft 365 Apps for Enterprise, Office 2019, Office LTSC 2021/2024 (Windows and Mac), and related SharePoint Server products that process Word documents. Microsoft has released a patch; no public exploit has been identified at time of analysis, and neither KEV nor EPSS/POC signals were provided in the input.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Numeric truncation error in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Microsoft 365 Apps For Enterprise +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Microsoft Office Word (Microsoft 365 Apps, Office 2019/LTSC 2021/2024, Word 2016, and the macOS builds) arises from a stack-based buffer overflow triggered when a victim opens a maliciously crafted document. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) shows an unauthenticated attacker needs no privileges but does require user interaction, and successful exploitation yields full confidentiality, integrity, and availability impact in the user's security context. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a patch.

Buffer Overflow Stack Overflow Microsoft +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Word (part of Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, and Office for Mac) stems from a double free of heap memory (CWE-415) that lets an unauthorized attacker run arbitrary code when a victim opens a malicious document. The flaw was reported by Microsoft, carries CVSS 7.8, and a vendor patch is available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Because exploitation requires the target to open a crafted file (UI:R), it is a user-interaction-gated client-side RCE rather than a remotely-triggerable service bug.

Authentication Bypass Microsoft Microsoft 365 Apps For Enterprise +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Arbitrary code execution in Microsoft Office Word (and the broader Office/365/SharePoint family) arises from a stack-based buffer overflow (CWE-121) that an attacker triggers when a victim opens a maliciously crafted document. The CVSS 3.1 vector (AV:L/UI:R) confirms this is a file-borne, local-context flaw requiring the user to open attacker-supplied content, yielding full confidentiality, integrity, and availability impact in the user's session. No public exploit identified at time of analysis, and it is not listed in CISA KEV; Microsoft has released a patch via MSRC.

Buffer Overflow Stack Overflow Microsoft +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office Word (via a stack-based buffer overflow, CWE-121) lets an attacker run arbitrary code in the context of the user who opens a maliciously crafted document. The flaw affects Microsoft 365 Apps for Enterprise, Office 2019, Office LTSC 2021/2024 (including Mac editions), and the Word component shared with SharePoint Server 2016/2019/Subscription Edition. No public exploit identified at time of analysis, and it is not listed in CISA KEV; exploitation requires the victim to open the attacker's file (UI:R).

Buffer Overflow Stack Overflow Microsoft +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Word (and the wider Microsoft Office / Microsoft 365 Apps family) lets an unauthorized attacker run arbitrary code when a victim opens a maliciously crafted Word document that triggers a heap-based buffer overflow. All impacted SKUs - Microsoft 365 Apps for Enterprise, Office 2019, Office LTSC 2021/2024, the macOS Office builds, and SharePoint Server (which renders Office documents server-side) - are affected, and Microsoft has released a patch. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +11
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Improper validation of specified type of input in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Microsoft 365 Apps For Enterprise +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Word (and Office/SharePoint components that render Word content) stems from an integer overflow in the file-parsing path, letting an attacker who convinces a victim to open a crafted document run arbitrary code with the victim's privileges. It affects a broad Office footprint including Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, the macOS editions, and SharePoint Server 2016/2019/Subscription Edition. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the 7.8 CVSS and Word's ubiquity make it a routine priority patch.

Buffer Overflow Microsoft Integer Overflow +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office Word (across Microsoft 365 Apps, Office 2019/LTSC 2021/2024, Office for Mac, and Word 2016) allows an attacker to run arbitrary code by exploiting a use-after-free memory corruption flaw when a victim opens a maliciously crafted document. The CVSS 3.1 base score is 7.8 with a local attack vector requiring user interaction; there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV. Microsoft, which reported the issue itself, has released a patch.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +11
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy