VDB

CVE-2026-45456

CVE-2026-45456 PUBLISHED CVSS 8.4 HIGH

Reported by microsoft · Published June 9, 2026

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Risk Scores

CVSS 3.1
8.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Affected Products

VendorProductVersions
MicrosoftMicrosoft 365 Apps for Enterprise16.0.1
MicrosoftMicrosoft Office 201919.0.0
MicrosoftMicrosoft Office 365 for Mac1.0.0
MicrosoftMicrosoft Office LTSC 202116.0.1
MicrosoftMicrosoft Office LTSC 202416.0.0
MicrosoftMicrosoft Office LTSC for Mac 202116.0.1
MicrosoftMicrosoft Office LTSC for Mac 202416.0.0
MicrosoftMicrosoft SharePoint Enterprise Server 201616.0.0
MicrosoftMicrosoft SharePoint Server 201916.0.0
MicrosoftMicrosoft SharePoint Server Subscription Edition16.0.0
MicrosoftMicrosoft Word 201616.0.1
MicrosoftMicrosoft Word 201616.0.1, 16.0.1, 16.0.1
MicrosoftMicrosoft Office LTSC for Mac 2024-, 16.0.0, 16.0.0
MicrosoftMicrosoft Office LTSC for Mac 2021-, 16.0.1, 16.0.1
MicrosoftMicrosoft SharePoint Server Subscription Edition16.0.0, 16.0.0, 16.0.0
microsoft365_apps16.0.1, 16.0.1, 16.0.1
MicrosoftMicrosoft Office LTSC 202116.0.1, 16.0.1, 16.0.1
MicrosoftMicrosoft Office LTSC 202416.0.0, 16.0.0, 16.0.0
microsoftsharepoint_server16.0.0, 16.0.0, 16.0.0
microsoftoffice_202416.0.0, 16.0.0, 16.0.0

…and 13 more

Timeline

  • Jun 9, 2026 CVE Published
  • Jun 10, 2026 Coalition ESS Score
  • Jun 10, 2026 Security Advisory
  • Jun 10, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›