CVE-2026-20946 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-20946 PUBLISHED CVSS 8.399999618530273 HIGH

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

EPSS 0.03% · 7.9th percentile

Risk Scores

CVSS v3.1

8.399999618530273

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

EPSS Score

0.03%

7.9th percentile

Affected Products

Vendor	Product	Versions
microsoft	office_2021	16.0.1
microsoft	office_macos_2021	16.0.1
Microsoft	Microsoft 365 Apps for Enterprise	16.0.1
Microsoft	Microsoft Office LTSC for Mac 2021	16.0.1
microsoft	office_2016	16.0.0
Microsoft	Microsoft Office LTSC 2024	16.0.0
Microsoft	Microsoft Office 2019	19.0.0
microsoft	365_apps	16.0.1
Microsoft	Microsoft Office LTSC 2021	16.0.1
microsoft	office_macos_2024	16.0.0
Microsoft	Microsoft Office 2016	16.0.0
microsoft	office_2024	16.0.0
microsoft	office_2019	19.0.0
Microsoft	Microsoft Office LTSC for Mac 2024	16.0.0

Timeline

Dec 4, 2025 CVE ID Reserved
Jan 13, 2026 CVE Published
Jan 13, 2026 PoC Published
Jan 13, 2026 PoC Published
Jan 13, 2026 PoC Published
Jan 13, 2026 PoC Published
Jan 14, 2026 EPSS Score
Jan 16, 2026 EPSS Score
Jan 19, 2026 EPSS Score
Jan 21, 2026 EPSS Score
Jan 24, 2026 EPSS Score
Jan 26, 2026 EPSS Score

References

Open in Interactive Console →