CVE Catalog

CVE-2026-45460

MediumCVSS 4.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.36%

28th percentile - higher than 28% of all known CVEs

Summary

A buffer over-read vulnerability in Microsoft Office allows an unauthorized attacker to disclose information locally. The issue occurs when reading data beyond the allowed memory region.

Risk Assessment

An attacker with local access to the system may read sensitive data stored in the Office process memory, leading to information disclosure.

Recommendation

Apply the security update released by Microsoft for Office immediately. Also restrict local access to systems running the vulnerable component.

Original NVD description (English source)

Buffer over-read in Microsoft Office allows an unauthorized attacker to disclose information locally.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS