CVE-2026-45460

Analyzed Analyzed - Analysis Complete

Microsoft Office Out-of-Bounds Read Vulnerability

Publication date: 2026-06-09

Last updated on: 2026-06-19

Assigner: Microsoft Corporation

Description

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-06-09

Last Modified

2026-06-19

Generated

2026-06-30

AI Q&A

2026-06-09

EPSS Evaluated

2026-06-28

NVD

CVE-2026-45460

EUVD

EUVD-2026-35670

Affected Vendors & Products

Vendor	Product	Version / Range
microsoft	office	*

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-126	The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

Attack-Flow Graph

Executive Summary

This vulnerability is an out-of-bounds read issue in Microsoft Office. It allows an unauthorized attacker to read memory outside the intended boundaries, which can lead to the disclosure of sensitive information on the local system.

Impact Analysis

The impact of this vulnerability is information disclosure. An attacker who exploits this flaw can gain access to sensitive information stored in memory on the affected system without proper authorization.

Compliance Impact

This vulnerability involves an out-of-bounds read in Microsoft Office that allows an unauthorized attacker to disclose information locally.

Such unauthorized information disclosure could potentially impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding sensitive information against unauthorized access.

However, the provided information does not specify the exact nature or sensitivity of the disclosed information or the compliance implications.

Hi! I’m here to help you understand CVE-2026-45460. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70