Out-of-bounds read in Microsoft products - CVE-2026-44821
Published: June 15, 2026
Vulnerability identifier: #VU134497
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-44821
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Microsoft SharePoint Server Subscription Edition
Microsoft SharePoint Enterprise Server
Microsoft SharePoint Server
Microsoft 365 Apps for Enterprise
Microsoft Office
Microsoft Office LTSC
Microsoft SharePoint Server Subscription Edition
Microsoft SharePoint Enterprise Server
Microsoft SharePoint Server
Microsoft 365 Apps for Enterprise
Microsoft Office
Microsoft Office LTSC
Detailed vulnerability description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Microsoft Office. A remote attacker can create a specially crafted Office file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
How to mitigate CVE-2026-44821
Install updates from vendor's website.