CVE-2026-20943 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-20943 PUBLISHED

Multiple Microsoft Office products contain the following vulnerability.<ul><li>Untrusted search path (CWE-426, - CVE-2026-20943</li></ul>Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

EPSS 0.05% · 14.5th percentile

Risk Scores

EPSS Score

0.05%

14.5th percentile

Affected Products

Vendor	Product	Versions
Microsoft Corporation	Microsoft Office
Microsoft Corporation	Office Deployment Tool
Microsoft Corporation	Microsoft SharePoint Server
Microsoft Corporation	Microsoft SharePoint Enterprise Server

Timeline

Jan 13, 2026 CVE Published
Jan 14, 2026 EPSS Score
Jan 16, 2026 EPSS Score
Jan 19, 2026 EPSS Score
Jan 21, 2026 EPSS Score
Jan 24, 2026 EPSS Score
Jan 26, 2026 EPSS Score
Jan 28, 2026 EPSS Score
Jan 31, 2026 EPSS Score
Feb 2, 2026 EPSS Score
Feb 5, 2026 EPSS Score
Feb 7, 2026 EPSS Score

References

https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000013.html advisory

Open in Interactive Console →