CVE-2026-41101

Published May 12, 2026

Last updated 4 days ago

CVSS high 7.1

Overview

Description
Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.
Source
secure@microsoft.com
NVD status
Analyzed
Products
word

Risk scores

CVSS 3.1

Type
Primary
Base score
5.5
Impact score
3.6
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Severity
MEDIUM

Weaknesses

secure@microsoft.com
CWE-284
nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.CVE-2026-42832
  2. External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network.CVE-2026-40421
  3. Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.CVE-2026-40367
  4. Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.CVE-2026-40366
  5. Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.CVE-2026-40364

References

Sources include official advisories and independent security research.