Heap-based Buffer Overflow in Microsoft Office by Microsoft
CVE-2026-40363

8.4HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft 365 Apps For Enterprise; Microsoft Office 2016; Microsoft Office 2019; Microsoft Office For Android
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-40363?

This vulnerability in Microsoft Office is characterized by a heap-based buffer overflow, which can be exploited by an unauthorized attacker to execute arbitrary code on the affected system. This can allow the attacker to gain local access, potentially leading to unauthorized data manipulation or disclosure. Users are strongly advised to apply the available patches and updates to safeguard their systems from this vulnerability.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Office 2016 32-bit Systems 16.0.0 < 16.0.5552.1000

Microsoft Office 2019 32-bit Systems 19.0.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Apr 11, 2026

CVE-2026-40363 Data

JSON