PatchSiren cyber security CVE debrief
CVE-2026-55134 Microsoft CVE debrief
A stack-based buffer overflow vulnerability exists in Microsoft Office Word, which could allow an unauthorized attacker to execute code locally. The CVE record was published on 2026-07-14T18:18:20.163Z and has not been modified since then. This vulnerability affects various versions of Microsoft Office, including Word 2016, 2019, 2021, and 2024, as well as SharePoint Server 2016, 2019, and Subscription Edition. Users should review their deployments and apply necessary patches or updates.
- Vendor
- Microsoft
- Product
- Microsoft 365 Apps for Enterprise
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-14
- Original CVE updated
- 2026-07-16
- Advisory published
- 2026-07-14
- Advisory updated
- 2026-07-16
Who should care
Users of Microsoft Office Word, particularly those using versions 2016, 2019, 2021, and 2024, as well as SharePoint Server 2016, 2019, and Subscription Edition, should be aware of this vulnerability and take necessary precautions. This includes reviewing their deployments, applying patches or updates, and monitoring systems for suspicious activity.
Technical summary
The vulnerability is a stack-based buffer overflow in Microsoft Office Word, which could allow an attacker to execute code locally. The CVSS score is 7.8 with a severity of HIGH. The vulnerability affects various versions of Microsoft Office, including Word 2016, 2019, 2021, and 2024, as well as SharePoint Server 2016, 2019, and Subscription Edition. A patch is available from Microsoft.
Defensive priority
High
Recommended defensive actions
- Apply patches or updates provided by Microsoft to vulnerable systems
- Use compensating controls such as firewalls and intrusion detection systems
- Monitor systems for suspicious activity
- Use secure coding practices when developing applications
- Limit user privileges to minimize the impact of a successful attack
Evidence notes
The CVE record and NVD detail provide information on the vulnerability, its severity, and affected products. Microsoft has provided a patch and vendor advisory for this vulnerability. The vulnerability has a CVSS score of 7.8 with a severity of HIGH. Evidence is limited to CVE and NVD details. Defenders should verify patch deployment and monitor for suspicious activity.
Official resources
-
CVE-2026-55134 CVE record
CVE.org
-
CVE-2026-55134 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Patch, Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T18:18:20.163Z and has not been modified since then.