HIGH | CVE-2026-45461 | Published | Modified | CNA: microsoft

CVE-2026-45461: Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Metrics

CVSS v3.1: 8.4
Severity: HIGH
Fixed in: 16.0.5556.1005
Affected Products: 9


HarborGuard Analysis

Synopsis

Heap-based buffer overflow in Microsoft Office allows an attacker with local access to execute arbitrary code on the affected system. The vulnerability is reached locally without any authentication or user interaction, and exploitation is reliable with no special conditions required. Successful exploitation gives the attacker full control over confidentiality, integrity, and availability of the affected host. A patched-image rebuild at version 16.0.5556.1005 (and equivalent channel releases) is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection (Available)

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images, including internally built and customized images that bundle Microsoft Office components. Any image containing an affected Office version is flagged automatically in the customer's registry and CI pipeline scans.

Triage (Available)

HarborGuard scores this CVE at 8.4 HIGH using the published CVSS v3.1 vector, and that score is weighted against each customer's per-environment compliance policy to prioritize routing. Triage findings are delivered to the correct team inbox within each customer org based on image ownership and policy configuration.

Patch (Available)

A patched-image rebuild at the fix version (16.0.5556.1005 or the equivalent Click-to-Run channel release) becomes available on HarborGuard once the upstream package is resolvable. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs regression tests against the updated image, and opens a pull request against affected workloads automatically.

Exploit Conditions

  • Network reachability: Not required

    The attacker needs an existing shell or process on the host; no network path to the service is required.

  • Authentication: Not required

    No credentials or account are required to trigger the overflow; the attacker only needs the ability to run code or open a file locally.

  • Victim interaction: Not required

    The vulnerability can be triggered without any action from another user on the system.

  • Attack complexity: Detail

    Exploitation is reliable and condition-free; no race conditions, special memory layouts, or environmental dependencies are required.

Blast Radius

  • Attacker executes arbitrary code in the context of the Office process, gaining the same privileges as the logged-in user.
  • All files and data accessible to that user account can be read, including documents, credentials cached on disk, and browser profile data.
  • The attacker can write or modify any files the user can access, including persisted Office documents and configuration files.
  • The Office process and any dependent services can be crashed or made unavailable, disrupting productivity workflows on the host.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-45461 is active across all scanning environments, matching any image that bundles an affected Microsoft Office build against the published fix boundary at 16.0.5556.1005. Where compliance policy permits, auto-remediation customers receive a rebuilt image at the patched version, a regression-test run against that image, and a pull request opened against affected workloads. The median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes for environments with auto-remediation enabled. For environments where auto-remediation is not enabled, HarborGuard surfaces the finding in the triage queue with the fix version and upstream advisory link (https://aka.ms/OfficeSecurityReleases) so engineers can act directly. Note that several affected product lines (Microsoft Office for Android, Office 365 for Mac, LTSC for Mac 2021) do not have a discrete fix version listed in this record; HarborGuard re-checks the advisory each ingest cycle and will make the patched rebuild available the moment upstream publishes specific version bounds for those variants.


Fix available

16.0.5556.1005 (https://aka.ms/OfficeSecurityReleases)
Affected packages
  • Microsoft / Microsoft 365 Apps for Enterprise
    < https://aka.ms/OfficeSecurityReleases (from 16.0.1)
  • Microsoft / Microsoft Office 2016
    < 16.0.5556.1005 (from 16.0.0)
  • Microsoft / Microsoft Office 2019
    < https://aka.ms/OfficeSecurityReleases (from 19.0.0)
  • Microsoft / Microsoft Office 365 for Mac
    -
  • Microsoft / Microsoft Office for Android
    -
  • Microsoft / Microsoft Office LTSC 2021
    < https://aka.ms/OfficeSecurityReleases (from 16.0.1)
  • Microsoft / Microsoft Office LTSC 2024
    < https://aka.ms/OfficeSecurityReleases (from 16.0.0)
  • Microsoft / Microsoft Office LTSC for Mac 2021
    -
  • Microsoft / Microsoft Office LTSC for Mac 2024
    -
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C