CVE-2026-33822
Out-of-Bounds Read in Microsoft Word Causes Local Information Disclosure
Publication date: 2026-04-14
Last updated on: 2026-04-29
Assigner: Microsoft Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | 365_apps | * |
| microsoft | 365_apps | * |
| microsoft | office_long_term_servicing_channel | 2021 |
| microsoft | office_long_term_servicing_channel | 2024 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds read issue in Microsoft Office Word. It allows an unauthorized attacker to read information from memory locations outside the intended boundaries, which can lead to local information disclosure.
How can this vulnerability impact me? :
The impact of this vulnerability is that an attacker can locally disclose sensitive information from the affected system. Although it requires local access and user interaction, it can lead to information leakage and potentially compromise confidentiality.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows an unauthorized attacker to disclose information locally due to an out-of-bounds read in Microsoft Office Word.
Such information disclosure could potentially impact compliance with data protection standards and regulations like GDPR and HIPAA, which require safeguarding sensitive information against unauthorized access.
However, specific details on how this vulnerability affects compliance with these standards are not provided in the available resources.