CVE-2026-45456

Published: Jun 9, 2026Modified: Jun 11, 2026

8.4

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.5 / Impact: 5.9

Source: secure@microsoft.com

Description

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Affected (16)

Products: Microsoft: 365 Apps, Microsoft 365, Office 2016, Office 2019, Office 2021, Office 2024, Sharepoint Server

7 products

Sharepoint Server

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Microsoft 365 Apps	All versions
Microsoft 365 Apps	All versions
Microsoft Microsoft 365	All versions
Microsoft Office 2016	All versions
Microsoft Office 2016	All versions
Microsoft Office 2019	All versions
Microsoft Office 2019	All versions
Microsoft Office 2021	All versions
Microsoft Office 2021	All versions
Microsoft Office 2021	All versions
Microsoft Office 2024	All versions
Microsoft Office 2024	All versions
Microsoft Office 2024	All versions
Microsoft Sharepoint Server	Before 16.0.19725.20384
Microsoft Sharepoint Server	Version 2016
Microsoft Sharepoint Server	Version 2019

Related CWEs

Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

References (1)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45456

Source: secure@microsoft.com

Vendor Advisory

Timeline

No history available yet.