CVE-2026-40421

Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

medium 4.3 CVSS 3.1

Published: May 12, 2026

Modified: Jun 1, 2026

Product: 365 Apps

Versions: 2019,2024,2021,2016

Description

Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N