PatchSiren cyber security CVE debrief
CVE-2026-55142 Microsoft CVE debrief
A numeric truncation error in Microsoft Office Word could allow an unauthorized attacker to disclose information locally. The CVE record was published on 2026-07-14T18:18:21.273Z and has not been modified since then. This vulnerability affects Microsoft Office Word users, particularly those in environments where local unauthorized access is a concern. The vulnerability has a CVSS score of 5.5, indicating a medium severity. Users should apply patches provided by Microsoft and ensure that Microsoft Office Word is updated to the latest version.
- Vendor
- Microsoft
- Product
- Microsoft 365 Apps for Enterprise
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-14
- Original CVE updated
- 2026-07-16
- Advisory published
- 2026-07-14
- Advisory updated
- 2026-07-16
Who should care
Users of Microsoft Office Word, particularly those in environments where local unauthorized access is a concern, should be aware of this vulnerability. They should apply patches provided by Microsoft and ensure that Microsoft Office Word is updated to the latest version. Security teams and vulnerability management teams should also be aware of this vulnerability and review compensating controls for exposed systems.
Technical summary
The vulnerability is due to a numeric truncation error in Microsoft Office Word. An attacker could exploit this vulnerability to disclose information locally. The CVSS score for this vulnerability is 5.5, indicating a medium severity. This vulnerability affects Microsoft Office Word users. Microsoft has provided a patch for this vulnerability.
Defensive priority
Medium priority due to local exploitation and information disclosure. Security teams should review and prioritize patch deployment for Microsoft Office Word.
Recommended defensive actions
- Apply patches provided by Microsoft
- Ensure that Microsoft Office Word is updated to the latest version
- Monitor for any suspicious local access attempts
- Review compensating controls for exposed systems
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
Evidence notes
The CVE record and NVD detail provide information on the vulnerability and affected products. Microsoft has provided a patch for this vulnerability. The vulnerability is a numeric truncation error in Microsoft Office Word that could allow an unauthorized attacker to disclose information locally. Evidence is limited to CVE and NVD details. Defenders should verify patch deployment and monitor for suspicious local access attempts.
Official resources
-
CVE-2026-55142 CVE record
CVE.org
-
CVE-2026-55142 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Patch, Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T18:18:21.273Z and has not been modified since then.