Elevation of Privilege Vulnerability in Microsoft Office Click-To-Run
CVE-2026-47293

7HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft 365 Apps For Enterprise; Microsoft Office 2019; Microsoft Office Ltsc 2021; Microsoft Office Ltsc 2024
Vendor: CVE Published:; 9 June 2026

What is CVE-2026-47293?

A vulnerability in Microsoft Office Click-To-Run has been identified that allows an attacker with authorized access to elevate their privileges locally through a use-after-free condition. This could potentially lead to unauthorized modifications or access within the affected system. Users are advised to monitor their installations and apply recommended patches from Microsoft to mitigate any associated risks.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Office 2019 32-bit Systems 19.0.0

Microsoft Office LTSC 2021 32-bit Systems 16.0.1

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2026
Vulnerability Reserved
May 18, 2026

CVE-2026-47293 Data

JSON