Mar 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-26110 Published on March 10, 2026
Microsoft Office Remote Code Execution Vulnerability
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
Weakness Type
What is an Object Type Confusion Vulnerability?
The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
CVE-2026-26110 has been classified to as an Object Type Confusion vulnerability or weakness.
Products Associated with CVE-2026-26110
Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.
Affected Versions
Microsoft 365 Apps for Enterprise:- Version 16.0.1 and below https://aka.ms/OfficeSecurityReleases is affected.
- Version 16.0.0 and below 16.0.5543.1000 is affected.
- Version 19.0.0 and below https://aka.ms/OfficeSecurityReleases is affected.
- Version 16.0.1 and below 16.0.19822.20000 is affected.
- Version 16.0.1 and below https://aka.ms/OfficeSecurityReleases is affected.
- Version 16.0.0 and below https://aka.ms/OfficeSecurityReleases is affected.
- Version 16.0.1 and below 16.107.26030819 is affected.
- Version 16.0.0 and below 16.107.26030819 is affected.