PatchSiren cyber security CVE debrief
CVE-2026-55139 Microsoft CVE debrief
CVE-2026-55139 is an out-of-bounds read vulnerability in Microsoft Office that allows an unauthorized attacker to disclose information locally. The vulnerability has a CVSS score of 5.5 and a severity rating of MEDIUM. It affects various versions of Microsoft Office, including 2016, 2019, 2021, and 2024, across different platforms such as Windows and macOS. The CVE record was published on 2026-07-14T18:18:20.863Z and has not been modified since then. The NVD entry is currently Analyzed. Users of Microsoft Office should prioritize patching to mitigate local information disclosure risks. The vulnerability's impact is considered medium, and it is essential for organizations to review their Office installations and apply patches immediately to prevent potential exploitation.
- Vendor
- Microsoft
- Product
- Microsoft 365 Apps for Enterprise
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-14
- Original CVE updated
- 2026-07-16
- Advisory published
- 2026-07-14
- Advisory updated
- 2026-07-16
Who should care
Users of Microsoft Office 2016, 2019, 2021, and 2024, including enterprise and LTS versions for Windows and macOS, should prioritize patching to mitigate local information disclosure risks. This includes administrators and security teams responsible for managing and securing Office installations within their organizations. Additionally, operators and users of affected systems should be aware of the potential risks and take necessary precautions to protect sensitive information.
Technical summary
CVE-2026-55139 is an out-of-bounds read vulnerability in Microsoft Office that allows an unauthorized attacker to disclose information locally. The vulnerability has a CVSS score of 5.5 and a severity rating of MEDIUM. It affects various versions of Microsoft Office, including 2016, 2019, 2021, and 2024, across different platforms such as Windows and macOS. Microsoft has released patches for this vulnerability, and users are advised to apply them immediately to prevent local information disclosure.
Defensive priority
Apply patches immediately for Microsoft Office versions affected by CVE-2026-55139 to prevent local information disclosure. This should be prioritized by IT and security teams, especially in environments where Microsoft Office is widely used.
Recommended defensive actions
- Apply patches for affected Microsoft Office versions
- Inventory and verify vulnerable Office installations
- Monitor for suspicious local activity
- Implement compensating controls for sensitive data access
- Review and verify official vendor guidance for CVE-2026-55139
Evidence notes
The CVE record and NVD details provide information on the vulnerability and affected products. Microsoft has released a patch for this vulnerability. Evidence from the CVE record and NVD entry suggests that the vulnerability affects various versions of Microsoft Office, including 2016, 2019, 2021, and 2024, across different platforms such as Windows and macOS. The information available indicates that an unauthorized attacker could exploit this vulnerability to disclose information locally. However, specific details about the nature of the vulnerability and the exact impact are limited in the provided sources. Further verification and review of official advisories and vendor guidance are recommended to understand the full scope and to apply necessary patches or mitigations.
Official resources
-
CVE-2026-55139 CVE record
CVE.org
-
CVE-2026-55139 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Patch, Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T18:18:20.863Z and has not been modified since then.