CVE-2026-35440
published 2026-05-12CVE-2026-35440: Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
medium5.5CVSS 3.1
AVLACLPRNUIRSUCHINAN
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_365_apps_for_enterprise | >= 16.0.1 < https://aka.ms/OfficeSecurityReleases | https://aka.ms/OfficeSecurityReleases |
| microsoft | microsoft_office_2019 | >= 19.0.0 < https://aka.ms/OfficeSecurityReleases | https://aka.ms/OfficeSecurityReleases |
| microsoft | microsoft_office_ltsc_2021 | >= 16.0.1 < https://aka.ms/OfficeSecurityReleases | https://aka.ms/OfficeSecurityReleases |
| microsoft | microsoft_office_ltsc_2024 | >= 16.0.0 < https://aka.ms/OfficeSecurityReleases | https://aka.ms/OfficeSecurityReleases |
| microsoft | microsoft_word_2016 | >= 16.0.1 < 16.0.5552.1000 | 16.0.5552.1000 |
| microsoft | office | — | — |
| microsoft | office_long_term_servicing_channel | — | — |
| microsoft | office_long_term_servicing_channel | — | — |
| microsoft | word | — | — |