CVE-2026-35440

Description

Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

CVSS breakdown

Affected products

• Microsoft / Microsoft 365 Apps for Enterprise16.0.1 – https://aka.ms/OfficeSecurityReleases
• Microsoft / Microsoft Office 201919.0.0 – https://aka.ms/OfficeSecurityReleases
• Microsoft / Microsoft Office LTSC 202116.0.1 – https://aka.ms/OfficeSecurityReleases
• Microsoft / Microsoft Office LTSC 202416.0.0 – https://aka.ms/OfficeSecurityReleases
• Microsoft / Microsoft Word 201616.0.1 – 16.0.5552.1000

References

• VENDOR_ADVISORYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35440