CVE-2026-26134

Published Mar 10, 2026

Last updated a day ago

CVSS high 7.8

Overview

Description
Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally.
Source
secure@microsoft.com
NVD status
Analyzed
Products
office

Risk scores

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

secure@microsoft.com
CWE-190
nvd@nist.gov
CWE-190

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.CVE-2026-26113
  2. Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.CVE-2026-26112
  3. Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.CVE-2026-26110
  4. Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.CVE-2026-26109
  5. Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.CVE-2026-26108

References

Sources include official advisories and independent security research.