Mar 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-26113 Published on March 10, 2026
Microsoft Office Remote Code Execution Vulnerability
Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.
Weakness Type
Untrusted Pointer Dereference
The program obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.
Products Associated with CVE-2026-26113
Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.
Affected Versions
Microsoft 365 Apps for Enterprise:- Version 16.0.1 and below https://aka.ms/OfficeSecurityReleases is affected.
- Version 16.0.0 and below 16.0.5543.1000 is affected.
- Version 19.0.0 and below https://aka.ms/OfficeSecurityReleases is affected.
- Version 16.0.1 and below https://aka.ms/OfficeSecurityReleases is affected.
- Version 16.0.0 and below https://aka.ms/OfficeSecurityReleases is affected.
- Version 16.0.1 and below 16.107.26030819 is affected.
- Version 16.0.0 and below 16.107.26030819 is affected.
- Version 16.0.0 and below 16.0.5543.1000 is affected.
- Version 16.0.0 and below 16.0.10417.20102 is affected.
- Version 16.0.0 and below 16.0.19725.20076 is affected.