VDB

CVE-2026-20943

CVE-2026-20943 PUBLISHED

Multiple Microsoft Office products contain the following vulnerability.<ul><li>Untrusted search path (CWE-426, - CVE-2026-20943</li></ul>Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

EPSS 0.09% · 26.4th percentile

Risk Scores

EPSS Score
0.09%
26.4th percentile

Affected Products

VendorProductVersions
Microsoft CorporationMicrosoft Office
Microsoft CorporationOffice Deployment Tool
Microsoft CorporationMicrosoft SharePoint Server
Microsoft CorporationMicrosoft SharePoint Enterprise Server

Timeline

  • Jan 13, 2026 CVE Published
  • Jan 14, 2026 EPSS Score
  • Jan 17, 2026 EPSS Score
  • Jan 20, 2026 EPSS Score
  • Jan 20, 2026 CVE Updated
  • Jan 23, 2026 EPSS Score
  • Jan 26, 2026 EPSS Score
  • Jan 29, 2026 EPSS Score
  • Feb 1, 2026 EPSS Score
  • Feb 4, 2026 EPSS Score
  • Feb 7, 2026 EPSS Score
  • Feb 10, 2026 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›