PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-55142 Microsoft CVE debrief

A numeric truncation error in Microsoft Office Word could allow an unauthorized attacker to disclose information locally. The CVE record was published on 2026-07-14T18:18:21.273Z and has not been modified since then. This vulnerability affects Microsoft Office Word users, particularly those in environments where local unauthorized access is a concern. The vulnerability has a CVSS score of 5.5, indicating a medium severity. Users should apply patches provided by Microsoft and ensure that Microsoft Office Word is updated to the latest version.

Vendor
Microsoft
Product
Microsoft 365 Apps for Enterprise
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-14
Original CVE updated
2026-07-16
Advisory published
2026-07-14
Advisory updated
2026-07-16

Who should care

Users of Microsoft Office Word, particularly those in environments where local unauthorized access is a concern, should be aware of this vulnerability. They should apply patches provided by Microsoft and ensure that Microsoft Office Word is updated to the latest version. Security teams and vulnerability management teams should also be aware of this vulnerability and review compensating controls for exposed systems.

Technical summary

The vulnerability is due to a numeric truncation error in Microsoft Office Word. An attacker could exploit this vulnerability to disclose information locally. The CVSS score for this vulnerability is 5.5, indicating a medium severity. This vulnerability affects Microsoft Office Word users. Microsoft has provided a patch for this vulnerability.

Defensive priority

Medium priority due to local exploitation and information disclosure. Security teams should review and prioritize patch deployment for Microsoft Office Word.

Recommended defensive actions

  • Apply patches provided by Microsoft
  • Ensure that Microsoft Office Word is updated to the latest version
  • Monitor for any suspicious local access attempts
  • Review compensating controls for exposed systems
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review

Evidence notes

The CVE record and NVD detail provide information on the vulnerability and affected products. Microsoft has provided a patch for this vulnerability. The vulnerability is a numeric truncation error in Microsoft Office Word that could allow an unauthorized attacker to disclose information locally. Evidence is limited to CVE and NVD details. Defenders should verify patch deployment and monitor for suspicious local access attempts.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T18:18:21.273Z and has not been modified since then.