PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-55134 Microsoft CVE debrief

A stack-based buffer overflow vulnerability exists in Microsoft Office Word, which could allow an unauthorized attacker to execute code locally. The CVE record was published on 2026-07-14T18:18:20.163Z and has not been modified since then. This vulnerability affects various versions of Microsoft Office, including Word 2016, 2019, 2021, and 2024, as well as SharePoint Server 2016, 2019, and Subscription Edition. Users should review their deployments and apply necessary patches or updates.

Vendor
Microsoft
Product
Microsoft 365 Apps for Enterprise
CVSS
HIGH 7.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-14
Original CVE updated
2026-07-16
Advisory published
2026-07-14
Advisory updated
2026-07-16

Who should care

Users of Microsoft Office Word, particularly those using versions 2016, 2019, 2021, and 2024, as well as SharePoint Server 2016, 2019, and Subscription Edition, should be aware of this vulnerability and take necessary precautions. This includes reviewing their deployments, applying patches or updates, and monitoring systems for suspicious activity.

Technical summary

The vulnerability is a stack-based buffer overflow in Microsoft Office Word, which could allow an attacker to execute code locally. The CVSS score is 7.8 with a severity of HIGH. The vulnerability affects various versions of Microsoft Office, including Word 2016, 2019, 2021, and 2024, as well as SharePoint Server 2016, 2019, and Subscription Edition. A patch is available from Microsoft.

Defensive priority

High

Recommended defensive actions

  • Apply patches or updates provided by Microsoft to vulnerable systems
  • Use compensating controls such as firewalls and intrusion detection systems
  • Monitor systems for suspicious activity
  • Use secure coding practices when developing applications
  • Limit user privileges to minimize the impact of a successful attack

Evidence notes

The CVE record and NVD detail provide information on the vulnerability, its severity, and affected products. Microsoft has provided a patch and vendor advisory for this vulnerability. The vulnerability has a CVSS score of 7.8 with a severity of HIGH. Evidence is limited to CVE and NVD details. Defenders should verify patch deployment and monitor for suspicious activity.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T18:18:20.163Z and has not been modified since then.