PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-55139 Microsoft CVE debrief

CVE-2026-55139 is an out-of-bounds read vulnerability in Microsoft Office that allows an unauthorized attacker to disclose information locally. The vulnerability has a CVSS score of 5.5 and a severity rating of MEDIUM. It affects various versions of Microsoft Office, including 2016, 2019, 2021, and 2024, across different platforms such as Windows and macOS. The CVE record was published on 2026-07-14T18:18:20.863Z and has not been modified since then. The NVD entry is currently Analyzed. Users of Microsoft Office should prioritize patching to mitigate local information disclosure risks. The vulnerability's impact is considered medium, and it is essential for organizations to review their Office installations and apply patches immediately to prevent potential exploitation.

Vendor
Microsoft
Product
Microsoft 365 Apps for Enterprise
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-14
Original CVE updated
2026-07-16
Advisory published
2026-07-14
Advisory updated
2026-07-16

Who should care

Users of Microsoft Office 2016, 2019, 2021, and 2024, including enterprise and LTS versions for Windows and macOS, should prioritize patching to mitigate local information disclosure risks. This includes administrators and security teams responsible for managing and securing Office installations within their organizations. Additionally, operators and users of affected systems should be aware of the potential risks and take necessary precautions to protect sensitive information.

Technical summary

CVE-2026-55139 is an out-of-bounds read vulnerability in Microsoft Office that allows an unauthorized attacker to disclose information locally. The vulnerability has a CVSS score of 5.5 and a severity rating of MEDIUM. It affects various versions of Microsoft Office, including 2016, 2019, 2021, and 2024, across different platforms such as Windows and macOS. Microsoft has released patches for this vulnerability, and users are advised to apply them immediately to prevent local information disclosure.

Defensive priority

Apply patches immediately for Microsoft Office versions affected by CVE-2026-55139 to prevent local information disclosure. This should be prioritized by IT and security teams, especially in environments where Microsoft Office is widely used.

Recommended defensive actions

  • Apply patches for affected Microsoft Office versions
  • Inventory and verify vulnerable Office installations
  • Monitor for suspicious local activity
  • Implement compensating controls for sensitive data access
  • Review and verify official vendor guidance for CVE-2026-55139

Evidence notes

The CVE record and NVD details provide information on the vulnerability and affected products. Microsoft has released a patch for this vulnerability. Evidence from the CVE record and NVD entry suggests that the vulnerability affects various versions of Microsoft Office, including 2016, 2019, 2021, and 2024, across different platforms such as Windows and macOS. The information available indicates that an unauthorized attacker could exploit this vulnerability to disclose information locally. However, specific details about the nature of the vulnerability and the exact impact are limited in the provided sources. Further verification and review of official advisories and vendor guidance are recommended to understand the full scope and to apply necessary patches or mitigations.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T18:18:20.863Z and has not been modified since then.