CVE-2026-45475 Microsoft CVE debrief

Who should care

Organizations using Microsoft Office, particularly those with high-risk exposure, should prioritize patching this vulnerability. This includes businesses, government agencies, and educational institutions that rely on Microsoft Office for daily operations.

Technical summary

The CVE-2026-45475 vulnerability is a heap-based buffer overflow in Microsoft Office that can be exploited through a specially crafted file. The vulnerability affects various versions of Microsoft Office, including Office 2016, Office 2019, Office 2021, and Office 2024, as well as Microsoft 365 Apps. The CVSS vector for this vulnerability is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating a high-severity vulnerability that can be exploited locally with low attack complexity.

Defensive priority

High

Recommended defensive actions

• Apply the latest security patches for Microsoft Office and Microsoft 365 Apps.
• Implement a robust vulnerability management program to ensure timely patching of high-severity vulnerabilities.
• Use secure file handling and validation mechanisms to prevent exploitation of this vulnerability.
• Monitor system logs for suspicious activity related to Microsoft Office.
• Consider implementing a defense-in-depth strategy with multiple layers of security controls.
• Conduct regular security awareness training for employees to educate them on the risks associated with this vulnerability.
• Review and update incident response plans to ensure preparedness in case of an exploitation attempt.

Evidence notes

The information provided is based on the CVE record and NVD detail for CVE-2026-45475. The vulnerability is classified as CWE-122, which is a heap-based buffer overflow vulnerability. The CVSS score and vector are based on the NVD detail.

Official resources