PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-56192 Microsoft CVE debrief

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T18:18:29.447Z and has not been modified since then. The NVD entry is currently Analyzed. This vulnerability, CVE-2026-56192, is an out-of-bounds read in Microsoft Office, allowing an unauthorized attacker to disclose information locally. Users of Microsoft Office, particularly those with access to local, vulnerable installations, should prioritize patching to prevent potential information disclosure. The CVE record and NVD details provide information on the vulnerability. Microsoft has a patch available. Affected products include various versions of Microsoft Office and 365 Apps. The vulnerability has a CVSS score of 5.5 and a severity rating of MEDIUM.

Vendor
Microsoft
Product
Microsoft 365 Apps for Enterprise
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-14
Original CVE updated
2026-07-16
Advisory published
2026-07-14
Advisory updated
2026-07-16

Who should care

Users of Microsoft Office, particularly those with access to local, vulnerable installations, should prioritize patching to prevent potential information disclosure.

Technical summary

CVE-2026-56192 is an out-of-bounds read vulnerability in Microsoft Office. An unauthorized attacker could exploit this vulnerability locally to disclose information. The vulnerability has a CVSS score of 5.5 and a severity rating of MEDIUM. Users of Microsoft Office, particularly those with access to local, vulnerable installations, should prioritize patching to prevent potential information disclosure. The CVE record and NVD details provide information on the vulnerability. Microsoft has a patch available for affected Office versions. Affected products include various versions of Microsoft Office and 365 Apps.

Defensive priority

Medium priority due to the local exploitation requirement but potential for information disclosure. Users of Microsoft Office, particularly those with access to local, vulnerable installations, should prioritize patching to prevent potential information disclosure. The CVE record and NVD details provide information on the vulnerability. Microsoft has a patch available. Affected products include various versions of Microsoft Office and 365 Apps. The vulnerability has a CVSS score of 5.5 and a severity rating of MEDIUM. The CVE record was published on 2026-07-14T18:18:29.447Z and has not been modified since then. The NVD entry is currently Analyzed. This vulnerability could allow an unauthorized attacker to disclose information locally. An out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. CVE-2026-56192 is an out-of-bounds read vulnerability in Microsoft Office. An unauthorized attacker could exploit this vulnerability locally to disclose information. The vulnerability has a CVSS score of 5.5 and a severity rating of MEDIUM. Users of Microsoft Office, particularly those with access to local, vulnerable installations, should prioritize patching to prevent potential information disclosure. The CVE record and NVD details provide information on the vulnerability. Microsoft has a patch available. Affected products include various versions of Microsoft Office and 365 Apps. The CVE record was published on 2026-07-14T18:18:29.447Z and has not been modified since then. The NVD entry is currently Analyzed. This vulnerability could allow an unauthorized attacker to disclose information locally. An out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. CVE-2026-56192 is an out-of-bounds read vulnerability in Microsoft Office. An unauthorized attacker could exploit this vulnerability locally to disclose information. The vulnerability has a CVSS score of 5.5 and a severity rating of MEDIUM. Users of Microsoft Office, particularly those with access to local, vulnerable installations, should prioritize patching to prevent potential information disclosure. The CVE record and NVD

Recommended defensive actions

  • Apply patches from Microsoft for affected Office versions
  • Inventory and update vulnerable Office installations
  • Monitor for unusual activity indicating potential exploitation attempts

Evidence notes

The CVE record and NVD details provide information on the vulnerability. Microsoft has a patch available. Affected products include various versions of Microsoft Office and 365 Apps. The vulnerability has a CVSS score of 5.5 and a severity rating of MEDIUM. Users of Microsoft Office, particularly those with access to local, vulnerable installations, should prioritize patching to prevent potential information disclosure. The CVE record was published on 2026-07-14T18:18:29.447Z and has not been modified since then.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T18:18:29.447Z and has not been modified since then.