Improper Access Control Vulnerability in Microsoft Office Word
CVE-2026-41101

7.1HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Word For Android
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-41101?

An improper access control vulnerability in Microsoft Office Word permits unauthorized local spoofing attacks. By exploiting this flaw, an attacker with local access could manipulate documents, potentially misleading users and impacting trust in document integrity. Users of Microsoft Word on Android should be aware of the risks associated with this vulnerability and follow best practices for securing their devices.

Affected Version(s)

Microsoft Word for Android 16.0.0.0 < 16.0.19822.20190

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Apr 16, 2026

CVE-2026-41101 Data

JSON