CVE-2026-20944
published 2026-01-13CVE-2026-20944: Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally.
high8.4CVSS 3.1
AVLACLPRNUINSUCHIHAH
Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_365_apps_for_enterprise | >= 16.0.1 < https://aka.ms/OfficeSecurityReleases | https://aka.ms/OfficeSecurityReleases |
| microsoft | microsoft_office_ltsc_for_mac_2021 | >= 16.0.1 < 16.105.26011018 | 16.105.26011018 |
| microsoft | microsoft_office_ltsc_for_mac_2024 | >= 16.0.0 < 16.105.26011018 | 16.105.26011018 |
| microsoft | office_long_term_servicing_channel | — | — |
| microsoft | office_long_term_servicing_channel | — | — |
| msrc | microsoft_365_apps_for_enterprise_for_32-bit_systems | — | — |
| msrc | microsoft_365_apps_for_enterprise_for_64-bit_systems | — | — |
| msrc | microsoft_office_ltsc_for_mac_2021 | — | — |
| msrc | microsoft_office_ltsc_for_mac_2024 | — | — |