High severity7.7NVD Advisory· Published May 12, 2026· Updated May 19, 2026
CVE-2026-42832
CVE-2026-42832
Description
Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.
Affected products
5- cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*
Patches
Vulnerability mechanics
References
1- msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42832nvdVendor Advisory
News mentions
4- Coding Gaffe Exposes Microsoft 365 Accounts to Widespread TakeoverDark Reading · Jun 3, 2026
- Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug FlagThe Hacker News · Jun 3, 2026
- Patch Tuesday - May 2026Rapid7 Blog · May 13, 2026
- Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-daysBleepingComputer · May 12, 2026