CVE Field Guide
CVE-2026-40419
PUBLISHED
Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Assigner: microsoft
Reserved: 13.04.2026
Published: 12.05.2026
Updated: 13.05.2026
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
Metrics
CVSS 3.1
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CVSS Score: 7.8
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
Product Status

Vendor: Microsoft
Product: Microsoft 365 Apps for Enterprise
Versions: affected from 16.0.1 to https://aka.ms/OfficeSecurityReleases (excl.)

Vendor: Microsoft
Product: Microsoft Office 2019
Versions: affected from 19.0.0 to https://aka.ms/OfficeSecurityReleases (excl.)

Vendor: Microsoft
Product: Microsoft Office LTSC 2021
Versions: affected from 16.0.1 to https://aka.ms/OfficeSecurityReleases (excl.)

Vendor: Microsoft
Product: Microsoft Office LTSC 2024
Versions: affected from 16.0.0 to https://aka.ms/OfficeSecurityReleases (excl.)

References
Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Problem Types