7.8

CVE-2026-40418

Medienbericht

Microsoft Office Click-To-Run Elevation of Privilege Vulnerability

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft365 Apps Version- SwEditionenterprise HwPlatformx64
Microsoft365 Apps Version- SwEditionenterprise HwPlatformx86
MicrosoftOffice Version2019 HwPlatformx64
MicrosoftOffice Version2019 HwPlatformx86
MicrosoftOffice Long Term Servicing Channel Version2021 SwPlatform- HwPlatformx64
MicrosoftOffice Long Term Servicing Channel Version2021 SwPlatform- HwPlatformx86
MicrosoftOffice Long Term Servicing Channel Version2024 SwPlatform- HwPlatformx64
MicrosoftOffice Long Term Servicing Channel Version2024 SwPlatform- HwPlatformx86
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.165
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secure@microsoft.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
12.05.2026 20:20
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40418
Vendor Advisory