PatchSiren cyber security CVE debrief
CVE-2026-45485 Microsoft CVE debrief
CVE-2026-45485 is a low-severity vulnerability (CVSS score of 3.3) that was published on 2026-06-09T17:17:23.010Z and modified on 2026-06-09T19:32:51.440Z. The vulnerability is an out-of-bounds read issue in Microsoft Office, which could allow an unauthorized attacker to disclose information locally. The vendor is currently listed as Unknown Vendor, but there is evidence suggesting that the vendor may be Microsoft [reference_domain_candidate].
- Vendor
- Microsoft
- Product
- Microsoft 365 Apps for Enterprise
- CVSS
- LOW 3.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-09
Who should care
Users of Microsoft Office should be aware of this vulnerability and take steps to ensure their systems are up to date.
Technical summary
The vulnerability is an out-of-bounds read issue in Microsoft Office, which could allow an unauthorized attacker to disclose information locally. The CVSS vector for this vulnerability is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N. The weakness associated with this vulnerability is CWE-125.
Defensive priority
Low
Recommended defensive actions
- Apply patches or updates from the vendor as they become available [ref-4].
Evidence notes
The CVE record [cve-org] and NVD detail [nvd] provide additional information about this vulnerability.
Official resources
-
CVE-2026-45485 CVE record
CVE.org
-
CVE-2026-45485 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-45485 was published on 2026-06-09T17:17:23.010Z and modified on 2026-06-09T19:32:51.440Z.