CVE-2026-26113 - K7 Labs

<< Back

CVE Number	Vulnerability	Product	Severity	Date
CVE-2026-26113	Microsoft Office Remote Code Execution Vulnerability	Microsoft Office, Microsoft 365 Apps, Microsoft SharePoint	Critical	07-04-2026

Technical Information

An unauthenticated attacker could exploit an untrusted pointer dereference vulnerability in Microsoft Office via local access to execute arbitrary code by manipulating invalid or attacker-controlled memory references.

Patch release date: Mar 10, 2026
Further information on this vulnerability is available at : CVE-2026-26113

Affected Software

Microsoft SharePoint Enterprise Server 2016,
Microsoft SharePoint Server Subscription Edition,
Microsoft SharePoint Server 2019,
Microsoft Office 2019 for 32-bit editions,
Microsoft Office 2019 for 64-bit editions,
Microsoft 365 Apps for Enterprise for 32-bit Systems,
Microsoft 365 Apps for Enterprise for 64-bit Systems,
Microsoft Office LTSC for Mac 2021,
Microsoft Office LTSC 2021 for 64-bit editions,
Microsoft Office LTSC 2024 for 32-bit editions,
Microsoft Office LTSC 2024 for 64-bit editions,
Microsoft Office LTSC for Mac 2024,
Microsoft Office 2016 (32-bit edition),
Microsoft Office 2016 (64-bit edition)