PatchSiren cyber security CVE debrief
CVE-2026-50665 Microsoft CVE debrief
An out-of-bounds read vulnerability exists in Microsoft Office, which could allow an unauthorized attacker to disclose information locally. This CVE was published on 2026-07-14T18:18:00.080Z and was last modified on 2026-07-16T15:15:36.480Z. The vulnerability has a CVSS score of 7.8 and is classified as HIGH severity. Users of Microsoft Office should be aware of this vulnerability and take steps to mitigate it by applying patches and monitoring for suspicious activity.
- Vendor
- Microsoft
- Product
- Microsoft 365 Apps for Enterprise
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-14
- Original CVE updated
- 2026-07-16
- Advisory published
- 2026-07-14
- Advisory updated
- 2026-07-16
Who should care
Users of Microsoft Office, particularly those in environments where Office is widely used, should be aware of this vulnerability and take steps to mitigate it. This includes applying patches released by Microsoft, inventorying and updating affected Microsoft Office installations, monitoring for suspicious activity, and implementing compensating controls where necessary.
Technical summary
The vulnerability is an out-of-bounds read in Microsoft Office, which allows an unauthorized attacker to disclose information locally. The CVSS score is 7.8 and the severity is HIGH. This issue affects Microsoft Office installations and could be exploited for local information disclosure. Users should apply patches released by Microsoft and inventory and update affected Microsoft Office installations.
Defensive priority
High priority should be given to patching this vulnerability as it allows for local information disclosure and affects widely used software.
Recommended defensive actions
- Apply patches released by Microsoft
- Inventory and update affected Microsoft Office installations
- Monitor for suspicious activity
- Implement compensating controls
- Retest and verify patch effectiveness
Evidence notes
The CVE record was published on 2026-07-14T18:18:00.080Z and was last modified on 2026-07-16T15:15:36.480Z. The NVD entry is currently Analyzed. This vulnerability affects Microsoft Office, potentially allowing unauthorized attackers to disclose information locally. Users should verify their Office installations and apply patches as recommended by Microsoft. The CVE details are sourced from official records, but specific product impacts and exploit details remain limited.
Official resources
-
CVE-2026-50665 CVE record
CVE.org
-
CVE-2026-50665 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Patch, Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T18:18:00.080Z and has not been modified since then. The NVD entry is currently Analyzed.