CVE-2026-20957 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-20957 PUBLISHED CVSS 7 HIGH

De multiples vulnérabilités ont été découvertes dans Microsoft Office. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.

EPSS 0.09% · 25.7th percentile

Risk Scores

CVSS v3.1

7

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

EPSS Score

0.09%

25.7th percentile

Affected Products

Vendor	Product	Versions
Microsoft	Microsoft Office Deployment Tool	1.0
Microsoft	Office
microsoft	sharepoint_server_2019	16.0.0
microsoft	sharepoint_server_2016	16.0.0
Microsoft	Microsoft SharePoint Server Subscription Edition	16.0.0
Microsoft	Microsoft SharePoint Enterprise Server 2016	16.0.0
microsoft	sharepoint_server	16.0.0
Microsoft	Microsoft SharePoint Server 2019	16.0.0
microsoft	office	1.0
microsoft	office_2016	16.0.0
Microsoft	Microsoft Office 2016	16.0.0

Timeline

Dec 4, 2025 CVE ID Reserved
Jan 13, 2026 CVE Published
Jan 13, 2026 PoC Published
Jan 13, 2026 PoC Published
Jan 14, 2026 EPSS Score
Jan 14, 2026 PoC Published
Jan 16, 2026 EPSS Score
Jan 19, 2026 EPSS Score
Jan 21, 2026 EPSS Score
Jan 24, 2026 EPSS Score
Jan 26, 2026 EPSS Score
Jan 28, 2026 EPSS Score

References

Open in Interactive Console →