Severity: HIGH | CVE-2026-44819 | CNA: microsoft

CVE-2026-44819: Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Metrics

  • CVSS v3.1: 7.8
  • Severity: HIGH
  • Fixed in: 16.0.5556.1005
  • Affected Products: 11


HarborGuard Analysis

Synopsis

Heap-based buffer overflow in Microsoft Office allows an attacker to execute arbitrary code on the local machine. The vulnerability is triggered locally and requires no authentication, but the attacker must convince a user to open a malicious file (for example, a crafted Office document). Successful exploitation gives the attacker full code execution in the context of the victim user, enabling complete confidentiality, integrity, and availability impact on the affected system. Patched-image rebuilds at versions 16.0.5556.1005 and the releases listed at https://aka.ms/OfficeSecurityReleases are available on HarborGuard for environments running affected versions.

HarborGuard Coverage

Detection

Detection for CVE-2026-44819 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of publication from upstream feeds, including custom-built images that bundle Microsoft Office components. HarborGuard's pipeline is capable of identifying affected version ranges across all product variants listed in the advisory.

Status: Available

Triage

HarborGuard is capable of surfacing this CVE with its CVSS v3.1 score of 7.8 (HIGH), weighted against each customer organization's per-environment compliance policy to prioritize it appropriately. Routing to the correct team inbox within each customer org is available based on workload ownership and policy configuration.

Status: Available

Patch

A patched-image rebuild at the fixed versions is available on HarborGuard for any environment found running an affected Microsoft Office version. For customers who opt into auto-remediation, HarborGuard is capable of performing the rebuild, running a regression test, and opening a pull request against affected workloads automatically.

Status: Available

Exploit Conditions

  • Network reachability: Not required

    The attacker needs an existing shell or process on the host; no network-facing service is required to reach the vulnerable code path.

  • Authentication: Not required

    No account or credentials are required prior to triggering the vulnerability.

  • Victim interaction: Required

    A user must open or interact with a malicious Office document for the overflow to be triggered, making social engineering the primary delivery vector.

  • Attack complexity: Low

    Attack complexity is low, meaning the exploit is reliable and imposes no special environmental conditions or race-condition timing on the attacker.

Blast Radius

  • Executes arbitrary code in the context of the victim user, giving the attacker full control of the user's session and accessible resources.
  • Reads files, credentials, and any data the victim user can access on the host.
  • Modifies or deletes files and persisted data within the victim user's permissions.
  • Terminates or disrupts Office processes and any dependent workflows running under that user account.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-44819 ingests from Microsoft's advisory feed and matches against all customer images containing affected Microsoft Office versions within minutes of publication. Where compliance policy permits, HarborGuard can rebuild images pinned to the patched versions (16.0.5556.1005 for Office 2016; current releases at https://aka.ms/OfficeSecurityReleases for 365 Apps, Office 2019, LTSC 2021, and LTSC 2024). For customers who opt into auto-remediation, the rebuild is followed by an automated regression run and a pull request opened against affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes for environments with auto-remediation enabled. Mac variants (Office 365 for Mac, LTSC for Mac 2021, LTSC for Mac 2024) do not carry explicit version fix strings in this record; HarborGuard re-checks the Microsoft advisory each ingest cycle and will make a patched rebuild available as soon as upstream version information is published for those products.


Fix available

  • 16.0.5556.1005
  • 16.0.10417.20153
  • 16.0.19725.20384
  • https://aka.ms/OfficeSecurityReleases

Affected packages

  • Microsoft / Microsoft 365 Apps for Enterprise
    < https://aka.ms/OfficeSecurityReleases (from 16.0.1)
  • Microsoft / Microsoft Office 2016
    < 16.0.5556.1005 (from 16.0.0)
  • Microsoft / Microsoft Office 2019
    < https://aka.ms/OfficeSecurityReleases (from 19.0.0)
  • Microsoft / Microsoft Office 365 for Mac
    -
  • Microsoft / Microsoft Office LTSC 2021
    < https://aka.ms/OfficeSecurityReleases (from 16.0.1)
  • Microsoft / Microsoft Office LTSC 2024
    < https://aka.ms/OfficeSecurityReleases (from 16.0.0)
  • Microsoft / Microsoft Office LTSC for Mac 2021
    -
  • Microsoft / Microsoft Office LTSC for Mac 2024
    -
  • Microsoft / Microsoft SharePoint Enterprise Server 2016
    < 16.0.5556.1005 (from 16.0.0)
  • Microsoft / Microsoft SharePoint Server 2019
    < 16.0.10417.20153 (from 16.0.0)
  • Microsoft / Microsoft SharePoint Server Subscription Edition
    < 16.0.19725.20384 (from 16.0.0)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C