← Back

CVE-2026-20943

nvd nist
Published: Jan 13, 2026Modified: Jan 16, 2026

JSON object

Loading...
7.0
Vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.0 / Impact: 5.9
Source: secure@microsoft.com

Description

Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.

Affected (6)

Microsoft
3 products
Office
Office Deployment Tool
Sharepoint Server
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
Office
Version 2016
Office
Version 2016
Office Deployment Tool
Before 16.0.19426.20170
Microsoft
Sharepoint Server
Before 16.0.19127.20442
Sharepoint Server
Version 2016
Sharepoint Server
Version 2019

Related CWEs

CWE-426
Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

References (1)

Source: secure@microsoft.com
Vendor Advisory

Timeline

No history available yet.