CVE-2026-20957 — Vulnetix

CVE-2026-20957 PUBLISHED CVSS 7 HIGH

De multiples vulnérabilités ont été découvertes dans Microsoft Office. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.

EPSS 0.16% · 36.8th percentile

Risk Scores

CVSS 3.1

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

EPSS Score

0.16%

36.8th percentile

Affected Products

Vendor	Product	Versions
Microsoft	Microsoft Office Deployment Tool	1.0
Microsoft	Office
microsoft	sharepoint_server_2019	16.0.0
microsoft	sharepoint_server_2016	16.0.0
Microsoft	Microsoft SharePoint Server Subscription Edition	16.0.0
Microsoft	Microsoft SharePoint Enterprise Server 2016	16.0.0
microsoft	sharepoint_server	16.0.0
Microsoft	Microsoft SharePoint Server 2019	16.0.0
microsoft	office	1.0
microsoft	office_2016	16.0.0
Microsoft	Microsoft Office 2016	16.0.0

Exploit Intelligence

https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1 (msrc)
CIRCL seen: CVE-2026-20943 (circl-sighting)
CIRCL seen: CVE-2026-20943 (circl-sighting)
CIRCL seen: CVE-2026-20943 (circl-sighting)
CIRCL seen: CVE-2026-20943 (circl-sighting)
Microsoft Office Click-To-Run Remote Code Execution Vulnerability (circl)

Timeline

Jan 13, 2026 CVE Published
Jan 13, 2026 PoC Published
Jan 13, 2026 PoC Published
Jan 14, 2026 EPSS Score
Jan 14, 2026 PoC Published
Jan 17, 2026 EPSS Score
Jan 20, 2026 EPSS Score
Jan 23, 2026 EPSS Score
Jan 26, 2026 EPSS Score
Jan 29, 2026 EPSS Score
Feb 1, 2026 EPSS Score
Feb 4, 2026 EPSS Score

References

Open in Interactive Console →