VYPR
High severity8.4NVD Advisory· Published Mar 10, 2026· Updated May 22, 2026

CVE-2026-26110

CVE-2026-26110

Description

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Affected products

9
  • Microsoft/Officellm-fuzzy4 versions
    (expand)+ 3 more
    • (no CPE)
    • (no CPE)range: 16.0.1
    • (no CPE)range: 16.0.1
    • (no CPE)range: 16.0.0
  • Microsoft/Microsoft 365 Apps for Enterprisev5
    Range: 16.0.1
  • Microsoft/Office Visiocpe-rescue2 versions
    16.0.0+ 1 more
    • (no CPE)range: 16.0.0
    • (no CPE)range: 19.0.0
  • Microsoft/Office For Maccpe-rescue2 versions
    16.0.1+ 1 more
    • (no CPE)range: 16.0.1
    • (no CPE)range: 16.0.0

Patches

Vulnerability mechanics

References

1

News mentions

1