CVE-2026-45458

Published Jun 9, 2026

Last updated 6 days ago

CVSS high 8.4

Overview

Description: Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
Source: secure@microsoft.com
NVD status: Analyzed
Products: 365_apps, microsoft_365, office_2019, office_2021, office_2024, sharepoint_server, word

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.4
Impact score: 5.9
Exploitability score: 2.5
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

secure@microsoft.com: CWE-416

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*",
            "matchCriteriaId": "3259EBFE-AE2D-48B8-BE9A-E22BBDB31378",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*",
            "matchCriteriaId": "CD25F492-9272-4836-832C-8439EBE64CCF",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:microsoft_365:-:*:*:*:*:macos:*:*",
            "matchCriteriaId": "12418BDE-FA2E-4BBF-8E47-45C505399898",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_2019:-:*:*:*:*:*:x64:*",
            "matchCriteriaId": "241CDE2B-ABD0-4EFF-8D73-1766E32FA20F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_2019:-:*:*:*:*:*:x86:*",
            "matchCriteriaId": "14D63E3F-A431-4DD8-979F-811E8DAC423D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_2021:-:*:*:*:ltsc:-:x64:*",
            "matchCriteriaId": "1D518075-3362-4D15-93B1-0E6C61518D16",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_2021:-:*:*:*:ltsc:-:x86:*",
            "matchCriteriaId": "1059BEC6-C30B-4F0F-A878-5267A21CBD85",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_2021:-:*:*:*:ltsc:macos:-:*",
            "matchCriteriaId": "0DB3EBBF-E0C4-4D5A-8D22-107463AD1DE4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_2024:-:*:*:*:ltsc:-:x64:*",
            "matchCriteriaId": "55A9AFDA-D77B-4CC7-ACE5-3A2ABDA257D8",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_2024:-:*:*:*:ltsc:-:x86:*",
            "matchCriteriaId": "8887D177-26A3-4008-89B6-50A9E9830F13",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_2024:-:*:*:*:ltsc:macos:-:*",
            "matchCriteriaId": "589B470B-9C2E-41E2-A44D-D8CCB4D2F933",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
            "matchCriteriaId": "78BDED5A-CE5F-4029-9A3E-B81B347388BC",
            "versionEndExcluding": "16.0.19725.20384",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "F815EF1D-7B60-47BE-9AC2-2548F99F10E4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*",
            "matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:x64:*",
            "matchCriteriaId": "E1FE9E95-4874-46EF-AC93-9E485F7A2AC0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:x86:*",
            "matchCriteriaId": "38479B5D-66F9-4260-A18A-F6E3D9B6991E",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References