CVE-2026-42832

HIGH7.7JSON export Create alert

Description

Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

E

Unchanged

RL

O

RC

Changed

Affected products

Microsoft / Microsoft Excel for Android16.0.0.0 – 16.0.19822.20190
Microsoft / Microsoft Office LTSC for Mac 202116.0.1 – 16.109.26051019
Microsoft / Microsoft Office LTSC for Mac 202416.0.0 – 16.109.26051019
Microsoft / Microsoft Word for Android16.0.0.0 – 16.0.19822.20190

References

VENDOR_ADVISORYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42832