CVE-2026-45645

Published Jun 9, 2026

Last updated 17 hours ago

CVSS high 7.8

Overview

Description: Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Source: secure@microsoft.com
NVD status: Analyzed
Products: 365_apps, microsoft_365, office_2016, office_2019, office_2021, office_2024

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

secure@microsoft.com: CWE-822
nvd@nist.gov: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*",
            "matchCriteriaId": "3259EBFE-AE2D-48B8-BE9A-E22BBDB31378",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*",
            "matchCriteriaId": "CD25F492-9272-4836-832C-8439EBE64CCF",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:microsoft_365:-:*:*:*:*:macos:*:*",
            "matchCriteriaId": "12418BDE-FA2E-4BBF-8E47-45C505399898",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_2016:-:*:*:*:-:*:x64:*",
            "matchCriteriaId": "45A9ECE7-F173-47AB-A420-0B6F64A04D21",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_2016:-:*:*:*:-:*:x86:*",
            "matchCriteriaId": "BF3B9F15-3077-4BC5-9EC5-7416A9FBDC70",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_2019:-:*:*:*:*:*:x64:*",
            "matchCriteriaId": "241CDE2B-ABD0-4EFF-8D73-1766E32FA20F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_2019:-:*:*:*:*:*:x86:*",
            "matchCriteriaId": "14D63E3F-A431-4DD8-979F-811E8DAC423D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_2021:-:*:*:*:ltsc:-:x64:*",
            "matchCriteriaId": "1D518075-3362-4D15-93B1-0E6C61518D16",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_2021:-:*:*:*:ltsc:-:x86:*",
            "matchCriteriaId": "1059BEC6-C30B-4F0F-A878-5267A21CBD85",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_2021:-:*:*:*:ltsc:macos:-:*",
            "matchCriteriaId": "0DB3EBBF-E0C4-4D5A-8D22-107463AD1DE4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_2024:-:*:*:*:ltsc:-:x64:*",
            "matchCriteriaId": "55A9AFDA-D77B-4CC7-ACE5-3A2ABDA257D8",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_2024:-:*:*:*:ltsc:-:x86:*",
            "matchCriteriaId": "8887D177-26A3-4008-89B6-50A9E9830F13",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_2024:-:*:*:*:ltsc:macos:-:*",
            "matchCriteriaId": "589B470B-9C2E-41E2-A44D-D8CCB4D2F933",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References