CVE-2026-45486: Microsoft Word Remote Code Execution Vulnerability

Synopsis

An untrusted pointer dereference vulnerability in Microsoft Word allows a local attacker to execute arbitrary code on the affected system. The attack requires no authentication but does require a user to open a maliciously crafted document, making this a classic file-based social engineering vector. Successful exploitation gives the attacker full code execution in the context of the logged-in user, enabling data theft, file modification, or further system compromise. A patched-image rebuild is available on HarborGuard for environments running affected versions of Microsoft Office products in containerized workloads.

HarborGuard Coverage

Exploit Conditions

• Network reachabilityNot required

  The attacker needs an existing shell or process on the host; no over-the-network access to the service is required to trigger the vulnerability.

• AuthenticationNot required

  No account or credentials are required; the attacker can trigger the vulnerability as an unauthenticated user as long as they can deliver the malicious document.

• Victim interactionRequired

  A user must open a specially crafted Word document, meaning the attacker must convince a target to interact with a malicious file.

• Attack complexityDetail

  Attack complexity is low, meaning the exploit is reliable and imposes no special environmental conditions, race conditions, or memory layout requirements on the attacker.

Blast Radius

• The attacker executes arbitrary code in the context of the user who opened the document, inheriting all file system and network permissions of that account.
• Confidential files, stored credentials, and session tokens accessible to the user account are exposed to the attacker.
• The attacker can modify or delete documents, configuration files, and other user-writable data on the host.
• The compromised user session can serve as a foothold for lateral movement or privilege escalation within the broader environment.