Description
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
Published: 2026-05-12
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Microsoft Word allows an attacker to provide an external file name or path that bypasses normal access control, enabling the disclosure of sensitive information on a network. The official description has been updated; see the Microsoft advisories for the latest details. The weakness is a classic external control of file or directory path scenario (CWE‑73). An exploit could allow an unauthenticated user to read arbitrary files accessible to the host, potentially leaking confidential data.

Affected Systems

The vulnerability affects Microsoft 365 Apps for Enterprise, Microsoft Office 2019, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024, and Microsoft Word 2016. No specific version ranges are listed, so all currently installed instances of the above products are considered vulnerable until upgraded.

Risk and Exploitability

The CVSS score of 4.3 indicates a moderate severity with limited impact on confidentiality and availability. The EPSS score is 0.00053, representing a very low but nonzero probability of exploitation, and the vulnerability is not listed in CISA KEV. The likely attack vector is remote access; an attacker who can influence the file name or path seen by Word can exploit the flaw over the network. Because the vulnerability requires only external file path manipulation, the conditions for exploitation are relatively low, but the potential for sensitive data exposure remains. Overall risk is moderate, warranting monitoring and prompt remediation as part of a broader vulnerability management strategy.

Generated by OpenCVE AI on June 1, 2026 at 21:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Microsoft Office and Word security updates that address the external file path control issue (recommended via Windows Update or the Office update mechanism).
  • If an immediate patch is not available, configure Office group policies to disable processing of external file links or restrict network access to directories that can be referenced by Word.
  • Monitor file access logs and network traffic for anomalous attempts to read privileged files through Word, and respond to detected incidents promptly.

Generated by OpenCVE AI on June 1, 2026 at 21:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
Description External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network. Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Tue, 19 May 2026 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft office Long Term Servicing Channel
CPEs cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:x64:*
cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:x86:*		 cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*
Vendors & Products Microsoft office Long Term Servicing Channel

Sat, 16 May 2026 01:45:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft office
Microsoft word
CPEs cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*
cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*
cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*
cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*
cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:x64:*
cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:x86:*
cpe:2.3:a:microsoft:office:2024:*:*:*:ltsc:*:x64:*
cpe:2.3:a:microsoft:office:2024:*:*:*:ltsc:*:x86:*
cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:x64:*
cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:x86:*
Vendors & Products Microsoft office
Microsoft word

Wed, 13 May 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 12 May 2026 17:30:00 +0000

Type Values Removed Values Added
Description External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network.
Title Microsoft Word Information Disclosure Vulnerability
First Time appeared Microsoft
Microsoft 365 Apps
Microsoft office 2019
Microsoft office 2021
Microsoft office 2024
Microsoft word 2016
Weaknesses CWE-73
CPEs cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*
cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*
cpe:2.3:a:microsoft:word_2016:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft 365 Apps
Microsoft office 2019
Microsoft office 2021
Microsoft office 2024
Microsoft word 2016
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C'}

Subscriptions

Microsoft 365 Apps Office Office 2019 Office 2021 Office 2024 Office Long Term Servicing Channel Word Word 2016
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-01T23:44:07.414Z

Reserved: 2026-04-13T00:27:50.799Z

Link: CVE-2026-40421

cve-icon Vulnrichment

Updated: 2026-05-13T19:32:37.853Z

cve-icon NVD

Status : Modified

Published: 2026-05-12T18:17:20.320

Modified: 2026-06-01T19:16:39.447

Link: CVE-2026-40421

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-01T21:45:22Z

Weaknesses