CVE-2026-20943
published 2026-01-13CVE-2026-20943: Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.
high7CVSS 3.1
AVLACHPRNUIRSUCHIHAH
Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_office_2016 | >= 16.0.0 < 16.0.5535.1000 | 16.0.5535.1000 |
| microsoft | microsoft_office_deployment_tool | >= 1.0 < 16.0.19426.20170 | 16.0.19426.20170 |
| microsoft | microsoft_sharepoint_enterprise_server_2016 | >= 16.0.0 < 16.0.5535.1001 | 16.0.5535.1001 |
| microsoft | microsoft_sharepoint_server_2019 | >= 16.0.0 < 16.0.10417.20083 | 16.0.10417.20083 |
| microsoft | microsoft_sharepoint_server_subscription_edition | >= 16.0.0 < 16.0.19127.20442 | 16.0.19127.20442 |
| microsoft | office | — | — |
| microsoft | office_deployment_tool | < 16.0.19426.20170 | 16.0.19426.20170 |
| microsoft | sharepoint_server | < 16.0.19127.20442 | 16.0.19127.20442 |
| microsoft | sharepoint_server | — | — |
| microsoft | sharepoint_server | — | — |
| msrc | microsoft_office_2016 | — | — |
| msrc | microsoft_office_deployment_tool | — | — |
| msrc | microsoft_sharepoint_enterprise_server_2016 | — | — |
| msrc | microsoft_sharepoint_server_2019 | — | — |
| msrc | microsoft_sharepoint_server_subscription_edition | — | — |