Description
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Published: 2026-01-13
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Local code execution
Action: Apply patch
AI Analysis

Impact

This vulnerability is an untrusted pointer dereference in Microsoft Office Word that permits an unauthorized attacker to execute code locally on a target machine. The flaw enables the attacker to run arbitrary code with the privileges of the user who opens the affected document, potentially compromising confidentiality, integrity, and availability of the affected system.

Affected Systems

Affected Microsoft products include Microsoft 365 Apps for Enterprise, Microsoft Office 2019, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024, Microsoft Office LTSC for Mac 2021, Microsoft Office LTSC for Mac 2024, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, and Microsoft Word 2016 across the listed platforms and architectures.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity vulnerability. However, the EPSS score of <1% suggests that the likelihood of exploitation in the wild is currently low. The vulnerability is not listed in the CISA KEV catalog. Attackers likely need to trick the user into opening a malicious Word document or otherwise executing the code locally; the attack vector is therefore inferred to be local file-based exploitation. If exploited, the attacker can gain code execution at the permission level of the user.

Generated by OpenCVE AI on April 18, 2026 at 06:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Microsoft Office cumulative update that resolves CVE-2026-20948.
  • Restrict or disable macros and review document security settings to prevent execution of untrusted content.
  • Follow Microsoft’s security advisory on the update guide for detailed deployment instructions and additional mitigations.

Generated by OpenCVE AI on April 18, 2026 at 06:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 16 Jan 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft office
Microsoft office Long Term Servicing Channel
Microsoft sharepoint Server
Microsoft word
CPEs cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*
cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*
cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*
cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x64:*
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x86:*
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:macos:*:*
cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*
cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:x64:*
cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:x86:*
Vendors & Products Microsoft office
Microsoft office Long Term Servicing Channel
Microsoft sharepoint Server
Microsoft word

Tue, 13 Jan 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 13 Jan 2026 18:15:00 +0000

Type Values Removed Values Added
Description Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Title Microsoft Word Remote Code Execution Vulnerability
First Time appeared Microsoft
Microsoft 365 Apps
Microsoft office 2019
Microsoft office 2021
Microsoft office 2024
Microsoft office Macos 2021
Microsoft office Macos 2024
Microsoft sharepoint Server 2016
Microsoft sharepoint Server 2019
Microsoft word 2016
Weaknesses CWE-822
CPEs cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*
cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*
cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*
cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*
cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:word_2016:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft 365 Apps
Microsoft office 2019
Microsoft office 2021
Microsoft office 2024
Microsoft office Macos 2021
Microsoft office Macos 2024
Microsoft sharepoint Server 2016
Microsoft sharepoint Server 2019
Microsoft word 2016
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft 365 Apps Office Office 2019 Office 2021 Office 2024 Office Long Term Servicing Channel Office Macos 2021 Office Macos 2024 Sharepoint Server Sharepoint Server 2016 Sharepoint Server 2019 Word Word 2016
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-04-01T13:49:17.002Z

Reserved: 2025-12-04T20:04:16.339Z

Link: CVE-2026-20948

cve-icon Vulnrichment

Updated: 2026-01-13T18:50:36.314Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-13T18:16:22.327

Modified: 2026-01-16T16:19:15.393

Link: CVE-2026-20948

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T06:45:23Z

Weaknesses