CVE-2026-47635

Published Jun 9, 2026

Last updated 6 days ago

CVSS high 8.4

Overview

Description
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
Source
secure@microsoft.com
NVD status
Analyzed
Products
office_2024

Risk scores

CVSS 3.1

Type
Primary
Base score
8.4
Impact score
5.9
Exploitability score
2.5
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

secure@microsoft.com
CWE-122

Social media

Hype score
Not currently trending

  1. ⚠️ Microsoft patched 3 critical Outlook and Word RCE flaws (CVE-2026-45456, CVE-2026-45458, CVE-2026-47635). Even Outlook’s Preview Pane can trigger exploitation without opening an attachment. Organizations should patch immediately. #Microsoft https://t.co/pLRNQeCson

    @CyberEdition

    13 Jun 2026

    61 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🔐 CRITICAL: Outlook & Word RCE zero‑days Preview Pane = attack vector. No click required. Just previewing an email triggers code execution. CVE-2026-47635, CVE-2026-45458, CVE-2026-45456 — CVSS 8.4 🔗 https://t.co/aV2pJplGPN #CyberSecurity #ThreatIntel #infosec #

    @ThreatAft

    13 Jun 2026

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Microsoft has patched critical RCE vulnerabilities in Outlook and Word, identified as CVE-2026-45456, CVE-2026-45458, and CVE-2026-47635. These flaws could allow attackers to execute arbitrary code via specially crafted emails. Users should update their Office installations https

    @dailytechonx

    12 Jun 2026

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Microsoft disclosed three high-severity remote code execution bugs in Outlook and Word, CVE-2026-45456, CVE-2026-45458 and CVE-2026-47635, each rated CVSS 8.4, in a 9 June security advisory, Microsoft said. https://t.co/6Prfx51rBw

    @threatcluster

    12 Jun 2026

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.CVE-2026-45643
  2. Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.CVE-2026-45485
  3. Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.CVE-2026-45486
  4. Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.CVE-2026-45469
  5. Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.CVE-2026-45458

References

Sources include official advisories and independent security research.