May 2026: Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
CVE-2026-40418 Published on May 12, 2026

Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

Vendor Advisory NVD

Weakness Type

What is a Dangling pointer Vulnerability?

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE-2026-40418 has been classified to as a Dangling pointer vulnerability or weakness.

Products Associated with CVE-2026-40418

Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.

Microsoft Office 2019

Microsoft 365 Apps

Microsoft Office 2021

Microsoft Office 2024

Affected Versions

Microsoft 365 Apps for Enterprise:

Version 16.0.1 and below https://aka.ms/OfficeSecurityReleases is affected.

Microsoft Office 2019:

Version 19.0.0 and below https://aka.ms/OfficeSecurityReleases is affected.

Microsoft Office LTSC 2021:

Version 16.0.1 and below https://aka.ms/OfficeSecurityReleases is affected.

Microsoft Office LTSC 2024:

Version 16.0.0 and below https://aka.ms/OfficeSecurityReleases is affected.

May 2026: Microsoft Office Click-To-Run Elevation of Privilege VulnerabilityCVE-2026-40418 Published on May 12, 2026

Weakness Type

What is a Dangling pointer Vulnerability?

Products Associated with CVE-2026-40418

Affected Versions

May 2026: Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
CVE-2026-40418 Published on May 12, 2026