Cyber Resilience

CVE-2026-26134

Severity: High (record updated)
Published: 10 March 2026
Modified: 22 May 2026
KEV Added: not listed (not in the CISA KEV catalog)
Patch: see the Microsoft Security Response Center update guide linked under Deeper analysis
CVSS v3.1 base score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0005 (15.1th percentile)
Risk Priority: 16 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-26134 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Microsoft 365 Copilot. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The vulnerability is ranked at the 15.1th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2026-26134 is an integer overflow or wraparound vulnerability (CWE-190) in Microsoft Office, also associated with CWE-416. Published on 2026-03-10T18:18:42.803, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The flaw enables an authorized attacker to elevate privileges locally within affected Microsoft Office installations.

A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation grants high-impact access to confidentiality, integrity, and availability, primarily through local privilege escalation on the targeted system.

Microsoft's Security Response Center provides an update guide for mitigation at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26134.

Vulnerability details

Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local integer overflow/use-after-free in Microsoft Office directly enables T1068 Exploitation for Privilege Escalation (AV:L, PR:L, no UI, high CIA impact).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2026-34333 (same vendor: Microsoft)
- CVE-2026-34330 (same vendor: Microsoft)
- CVE-2026-27924 (same vendor: Microsoft)
- CVE-2026-20923 (same vendor: Microsoft)
- CVE-2025-21372 (same vendor: Microsoft)
- CVE-2026-25167 (same vendor: Microsoft)
- CVE-2026-34338 (same vendor: Microsoft)
- CVE-2026-33840 (same vendor: Microsoft)
- CVE-2026-24307 (same product: Microsoft 365 Copilot)
- CVE-2026-27916 (same vendor: Microsoft)

Affected Assets

Vendor: microsoft · Product: 365 copilot · Affected versions: ≤ 16.0.19822.20000

Mitigating Controls (NIST 800-53 r5)

- Prevent, SI-2 (Flaw Remediation): directly mandates timely remediation of known flaws, such as applying Microsoft's patches for the integer overflow vulnerability in Office, to prevent local privilege escalation.

- Prevent, memory protection: provides memory protections such as ASLR and DEP that mitigate exploitation of integer overflow and the associated memory corruption issues in Microsoft Office.

- Prevent, AC-6 (Least Privilege): enforces least privilege for user accounts and processes, limiting the scope and impact of privilege escalation by low-privilege local attackers exploiting the vulnerability.
