High severity7.1NVD Advisory· Published May 12, 2026· Updated May 16, 2026
CVE-2026-41101
CVE-2026-41101
Description
Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.
Affected products
2Patches
Vulnerability mechanics
References
1- msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41101nvdVendor Advisory
News mentions
5- Coding Gaffe Exposes Microsoft 365 Accounts to Widespread TakeoverDark Reading · Jun 3, 2026
- Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug FlagThe Hacker News · Jun 3, 2026
- Microsoft 365 Android Apps Account Takeover Vulnerability Impacted Billions of Android UsersCyber Security News · Jun 3, 2026
- Patch Tuesday - May 2026Rapid7 Blog · May 13, 2026
- Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-daysBleepingComputer · May 12, 2026