CVE-2026-40421
published 2026-05-12CVE-2026-40421: Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
medium4.3CVSS 3.1
AVNACLPRNUIRSUCLINAN
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_365_apps_for_enterprise | >= 16.0.1 < https://aka.ms/OfficeSecurityReleases | https://aka.ms/OfficeSecurityReleases |
| microsoft | microsoft_office_2019 | >= 19.0.0 < https://aka.ms/OfficeSecurityReleases | https://aka.ms/OfficeSecurityReleases |
| microsoft | microsoft_office_ltsc_2021 | >= 16.0.1 < https://aka.ms/OfficeSecurityReleases | https://aka.ms/OfficeSecurityReleases |
| microsoft | microsoft_office_ltsc_2024 | >= 16.0.0 < https://aka.ms/OfficeSecurityReleases | https://aka.ms/OfficeSecurityReleases |
| microsoft | microsoft_word_2016 | >= 16.0.1 < 16.0.5552.1000 | 16.0.5552.1000 |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office_long_term_servicing_channel | — | — |
| microsoft | word | — | — |