Home

Description

Improper validation of specified type of input in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

PUBLISHED Reserved 2026-06-16 | Published 2026-07-14 | Updated 2026-07-14 | Assigner microsoft




MEDIUM: 5.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

Problem types

CWE-1287: Improper Validation of Specified Type of Input

CWE-20: Improper Input Validation

Product status

16.0.1 (custom) before https://aka.ms/OfficeSecurityReleases
affected

19.0.0 (custom) before https://aka.ms/OfficeSecurityReleases
affected

1.0.0 (custom) before 16.111.26071215
affected

16.0.1 (custom) before https://aka.ms/OfficeSecurityReleases
affected

16.0.0 (custom) before https://aka.ms/OfficeSecurityReleases
affected

16.0.1 (custom) before 16.111.26071215
affected

16.0.0 (custom) before 16.111.26071215
affected

16.0.0 (custom) before 16.0.5561.1001
affected

16.0.0 (custom) before 16.0.10417.20175
affected

16.0.0 (custom) before 16.0.19725.20434
affected

16.0.1 (custom) before 16.0.5561.1000
affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55124 (Microsoft Word Information Disclosure Vulnerability) vendor-advisory patch

cve.org (CVE-2026-55124)

nvd.nist.gov (CVE-2026-55124)

Download JSON