Home

Description

Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.

PUBLISHED Reserved 2025-12-04 | Published 2026-01-13 | Updated 2026-02-22 | Assigner microsoft




HIGH: 7.0CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Problem types

CWE-426: Untrusted Search Path

Product status

16.0.0 (custom) before 16.0.5535.1000
affected

1.0 (custom) before 16.0.19426.20170
affected

16.0.0 (custom) before 16.0.5535.1001
affected

16.0.0 (custom) before 16.0.10417.20083
affected

16.0.0 (custom) before 16.0.19127.20442
affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20943 (Microsoft Office Click-To-Run Remote Code Execution Vulnerability) vendor-advisory patch

cve.org (CVE-2026-20943)

nvd.nist.gov (CVE-2026-20943)

Download JSON