cbcvebase.
CVE-2026-20948
published 2026-01-13

CVE-2026-20948: Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Affected

28 ranges· showing 25
VendorProductVersion rangeFixed in
microsoftmicrosoft_365_apps_for_enterprise>= 16.0.1 < https://aka.ms/OfficeSecurityReleaseshttps://aka.ms/OfficeSecurityReleases
microsoftmicrosoft_office_2019>= 19.0.0 < https://aka.ms/OfficeSecurityReleaseshttps://aka.ms/OfficeSecurityReleases
microsoftmicrosoft_office_ltsc_2021>= 16.0.1 < https://aka.ms/OfficeSecurityReleaseshttps://aka.ms/OfficeSecurityReleases
microsoftmicrosoft_office_ltsc_2024>= 16.0.0 < https://aka.ms/OfficeSecurityReleaseshttps://aka.ms/OfficeSecurityReleases
microsoftmicrosoft_office_ltsc_for_mac_2021>= 16.0.1 < 16.105.2601101816.105.26011018
microsoftmicrosoft_office_ltsc_for_mac_2024>= 16.0.0 < 16.105.2601101816.105.26011018
microsoftmicrosoft_sharepoint_enterprise_server_2016>= 16.0.0 < 16.0.5535.100116.0.5535.1001
microsoftmicrosoft_sharepoint_server_2019>= 16.0.0 < 16.0.10417.2008316.0.10417.20083
microsoftmicrosoft_word_2016>= 16.0.1 < 16.0.5535.100016.0.5535.1000
microsoftoffice
microsoftoffice_long_term_servicing_channel
microsoftoffice_long_term_servicing_channel
microsoftsharepoint_server
microsoftsharepoint_server
microsoftword
msrcmicrosoft_365_apps_for_enterprise_for_32-bit_systems
msrcmicrosoft_365_apps_for_enterprise_for_64-bit_systems
msrcmicrosoft_office_2019_for_32-bit_editions
msrcmicrosoft_office_2019_for_64-bit_editions
msrcmicrosoft_office_ltsc_2021_for_32-bit_editions
msrcmicrosoft_office_ltsc_2021_for_64-bit_editions
msrcmicrosoft_office_ltsc_2024_for_32-bit_editions
msrcmicrosoft_office_ltsc_2024_for_64-bit_editions
msrcmicrosoft_office_ltsc_for_mac_2021
msrcmicrosoft_office_ltsc_for_mac_2024