CVE-2026-60140
Received Received - Intake

Out-of-Bounds Read in Productivity Suite

Vulnerability report for CVE-2026-60140, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-16

Last updated on: 2026-07-16

Assigner: ICS-CERT

Description

An out-of-bounds read vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corruption by sending a crafted IOCTL request. This can lead to exposing sensitive information or causing the affected product to become unstable or unavailable.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-16
Last Modified
2026-07-16
Generated
2026-07-17
AI Q&A
2026-07-16
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This is an out-of-bounds read vulnerability in the Productivity Suite that allows a local attacker to send a specially crafted IOCTL request. This request can trigger kernel memory corruption, potentially exposing sensitive information or causing the system to become unstable or crash.

Detection Guidance

Detection of this vulnerability requires analyzing system logs for abnormal IOCTL requests or kernel memory corruption events. Monitor for crashes, instability, or unexpected behavior in the Productivity Suite. Check for unauthorized access attempts or privilege escalation patterns in system logs.

Impact Analysis

An attacker could exploit this to read sensitive kernel memory, leading to information disclosure. The system may also become unstable or crash, disrupting normal operations.

Compliance Impact

This vulnerability could potentially expose sensitive information due to kernel memory corruption, which may violate data protection requirements under GDPR and HIPAA. Unauthorized access to sensitive data could lead to compliance violations if proper safeguards are not in place.

Mitigation Strategies

Apply vendor-provided patches or updates for the Productivity Suite to address the out-of-bounds read vulnerability. If patches are unavailable, consider disabling or restricting access to the affected IOCTL interface to prevent local attackers from exploiting it.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-60140. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart