Office 2019 Microsoft Office 2019

  1. Vendors
  2. Microsoft
  3. Office 2019

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Office 2019.

By the Year

In 2026 there have been 64 vulnerabilities in Microsoft Office 2019 with an average score of 7.6 out of ten. Last year, in 2025 Office 2019 had 130 security vulnerabilities published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. Last year, the average CVE base score was greater by 0.19




Year Vulnerabilities Average Score
2026 64 7.56
2025 130 7.75
2024 7 7.71
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 7 7.29
2019 2 0.00

It may take a day or so for new Office 2019 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Office 2019 Security Vulnerabilities

Jun 2026: Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
CVE-2026-47293 7 - High - June 09, 2026

Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

Dangling pointer

Jun 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-45463 8.4 - High - June 09, 2026

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Integer underflow

Jun 2026: Microsoft Excel Information Disclosure Vulnerability
CVE-2026-45455 3.3 - Low - June 09, 2026

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

Out-of-bounds Read

Jun 2026: Microsoft Excel Information Disclosure Vulnerability
CVE-2026-44822 8.2 - High - June 09, 2026

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

Out-of-bounds Read

Jun 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-45645 7.8 - High - June 09, 2026

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Untrusted Pointer Dereference

Jun 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-45461 8.4 - High - June 09, 2026

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Jun 2026: Microsoft Office Information Disclosure Vulnerability
CVE-2026-45460 4.7 - Medium - June 09, 2026

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

Buffer Over-read

Jun 2026: Microsoft Outlook and Word Remote Code Execution Vulnerability
CVE-2026-45458 8.4 - High - June 09, 2026

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Jun 2026: Microsoft Outlook and Word Remote Code Execution Vulnerability
CVE-2026-45456 8.4 - High - June 09, 2026

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Object Type Confusion

Jun 2026: Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-44823 7.8 - High - June 09, 2026

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Numeric Truncation Error

Jun 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-44824 7.8 - High - June 09, 2026

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

Jun 2026: Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-44820 7.8 - High - June 09, 2026

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Out-of-bounds Read

Jun 2026: Microsoft Office Information Disclosure Vulnerability
CVE-2026-44821 5.5 - Medium - June 09, 2026

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

Out-of-bounds Read

Jun 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-44819 7.8 - High - June 09, 2026

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

Jun 2026: Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-44818 7 - High - June 09, 2026

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Race Condition

Jun 2026: Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-44817 7.8 - High - June 09, 2026

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Object Type Confusion

Jun 2026: Microsoft Office Information Disclosure Vulnerability
CVE-2026-45485 3.3 - Low - June 09, 2026

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

Out-of-bounds Read

Jun 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-45474 8.4 - High - June 09, 2026

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Jun 2026: Microsoft Word Remote Code Execution Vulnerability
CVE-2026-45471 7.8 - High - June 09, 2026

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Untrusted Pointer Dereference

Jun 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-45472 8.4 - High - June 09, 2026

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Jun 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-45475 7.8 - High - June 09, 2026

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

Jun 2026: Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-45469 7.8 - High - June 09, 2026

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Integer underflow

May 2026: Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
CVE-2026-35436 8.8 - High - May 12, 2026

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

Insufficient Granularity of Access Control

May 2026: Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
CVE-2026-40420 8.8 - High - May 12, 2026

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

Authorization

May 2026: Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
CVE-2026-40418 7.8 - High - May 12, 2026

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

Dangling pointer

May 2026: Microsoft Word Remote Code Execution Vulnerability
CVE-2026-40367 8.4 - High - May 12, 2026

Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Untrusted Pointer Dereference

May 2026: Microsoft Outlook and Word Remote Code Execution Vulnerability
CVE-2026-40361 8.4 - High - May 12, 2026

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

May 2026: Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-40362 7.8 - High - May 12, 2026

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

May 2026: Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-40359 7.8 - High - May 12, 2026

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

May 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-40358 8.4 - High - May 12, 2026

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

May 2026: Microsoft Word Information Disclosure Vulnerability
CVE-2026-40421 4.3 - Medium - May 12, 2026

Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

External Control of File Name or Path

May 2026: Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
CVE-2026-40419 7.8 - High - May 12, 2026

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

Dangling pointer

May 2026: Microsoft Word Remote Code Execution Vulnerability
CVE-2026-40366 8.4 - High - May 12, 2026

Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dangling pointer

May 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-40363 8.4 - High - May 12, 2026

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

May 2026: Microsoft Word Remote Code Execution Vulnerability
CVE-2026-40364 8.4 - High - May 12, 2026

Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Object Type Confusion

May 2026: Microsoft Excel Information Disclosure Vulnerability
CVE-2026-40360 7.8 - High - May 12, 2026

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Out-of-bounds Read

May 2026: Microsoft Word Information Disclosure Vulnerability
CVE-2026-35440 5.5 - Medium - May 12, 2026

Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Files or Directories Accessible to External Parties

May 2026: Windows Rich Text Edit Elevation of Privilege Vulnerability
CVE-2026-21530 6.7 - Medium - May 12, 2026

Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.

Double-free

Apr 2026: Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-32199 7.8 - High - April 14, 2026

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

Apr 2026: Microsoft PowerPoint Remote Code Execution Vulnerability
CVE-2026-32200 7.8 - High - April 14, 2026

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

Dangling pointer

Apr 2026: Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-32198 7.8 - High - April 14, 2026

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

Apr 2026: Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-32197 7.8 - High - April 14, 2026

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

Apr 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-32190 8.4 - High - April 14, 2026

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Apr 2026: Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-32189 7.8 - High - April 14, 2026

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

Apr 2026: Microsoft Excel Information Disclosure Vulnerability
CVE-2026-32188 7.1 - High - April 14, 2026

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Out-of-bounds Read

Mar 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-26110 8.4 - High - March 10, 2026

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Object Type Confusion

Mar 2026: Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-26108 7.8 - High - March 10, 2026

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

Mar 2026: Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-26109 8.4 - High - March 10, 2026

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Out-of-bounds Read

Mar 2026: Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-26107 7.8 - High - March 10, 2026

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

Mar 2026: Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-26112 7.8 - High - March 10, 2026

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Untrusted Pointer Dereference

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Office 2019 or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

Microsoft Office 2019
Product

subscribe