CVE-2026-40358
published 2026-05-12CVE-2026-40358: Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
high8.4CVSS 3.1
AVLACLPRNUINSUCHIHAH
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_365_apps_for_enterprise | >= 16.0.1 < https://aka.ms/OfficeSecurityReleases | https://aka.ms/OfficeSecurityReleases |
| microsoft | microsoft_office_2016 | >= 16.0.0 < 16.0.5552.1000 | 16.0.5552.1000 |
| microsoft | microsoft_office_2019 | >= 19.0.0 < https://aka.ms/OfficeSecurityReleases | https://aka.ms/OfficeSecurityReleases |
| microsoft | microsoft_office_ltsc_2021 | >= 16.0.1 < https://aka.ms/OfficeSecurityReleases | https://aka.ms/OfficeSecurityReleases |
| microsoft | microsoft_office_ltsc_2024 | >= 16.0.0 < https://aka.ms/OfficeSecurityReleases | https://aka.ms/OfficeSecurityReleases |
| microsoft | microsoft_office_ltsc_for_mac_2021 | >= 16.0.1 < 16.109.26051019 | 16.109.26051019 |
| microsoft | microsoft_office_ltsc_for_mac_2024 | >= 16.0.0 < 16.109.26051019 | 16.109.26051019 |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office_long_term_servicing_channel | — | — |
| microsoft | office_long_term_servicing_channel | — | — |