Description
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
Published: 2026-05-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a use‑after‑free in Microsoft Office that allows an authorized local attacker to elevate privileges. An attacker with local access can abuse the flaw to increase their privileges, potentially gaining administrative rights on the affected machine. The issue maps to CWE‑1220, which addresses improper verification of privileges.

Affected Systems

Microsoft 365 Apps for Enterprise, Microsoft Office 2019, Microsoft Office LTSC 2021, and Microsoft Office LTSC 2024 are affected. The CVE does not list specific version numbers beyond the product families.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity rating. The EPSS score of < 1% suggests a very low probability of exploitation, but the vulnerability is listed as local privilege escalation, implying that the attacker must be physically or remotely logged on with authorized access. Because it is not in the CISA KEV catalog, there is no current evidence of widespread exploitation, yet the importance of patching remains high.

Generated by OpenCVE AI on June 1, 2026 at 21:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Microsoft Office update through Windows Update or the Microsoft Update Catalog to address the Click‑To‑Run privilege escalation flaw.
  • If an update is not immediately available, enforce strict least‑privilege policies for users who can launch Office, limiting their rights to run only required applications.
  • Consider enabling application control or Windows Defender Exploit Guard to block the execution of unverified Office binaries until a patch is applied.

Generated by OpenCVE AI on June 1, 2026 at 21:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
Description Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

Tue, 19 May 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft office
Microsoft office Long Term Servicing Channel
CPEs cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*
cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*
cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*
cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x64:*
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x86:*
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*
Vendors & Products Microsoft office
Microsoft office Long Term Servicing Channel

Tue, 12 May 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 12 May 2026 17:30:00 +0000

Type Values Removed Values Added
Description Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
Title Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft 365 Apps
Microsoft office 2019
Microsoft office 2021
Microsoft office 2024
Weaknesses CWE-1220
CPEs cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*
cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*
Vendors & Products Microsoft
Microsoft 365 Apps
Microsoft office 2019
Microsoft office 2021
Microsoft office 2024
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft 365 Apps Office Office 2019 Office 2021 Office 2024 Office Long Term Servicing Channel
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-02T23:17:18.213Z

Reserved: 2026-04-02T19:21:11.805Z

Link: CVE-2026-35436

cve-icon Vulnrichment

Updated: 2026-05-12T19:08:01.984Z

cve-icon NVD

Status : Modified

Published: 2026-05-12T18:17:13.903

Modified: 2026-06-01T19:16:32.593

Link: CVE-2026-35436

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-01T21:30:26Z

Weaknesses