Cyber Resilience

CVE-2026-35436

Severity: High (updated)
Published: 12 May 2026
Modified: 01 June 2026
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0022 (12.4th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-35436 is a high-severity Insufficient Granularity of Access Control (CWE-1220) vulnerability in Microsoft Office Long Term Servicing Channel. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its EPSS score places it at the 12.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

CWE(s): CWE-1220 Insufficient Granularity of Access Control

Related Threats

MITRE ATT&CK Enterprise Techniques (AI mapping)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local privilege escalation via insufficient access control granularity directly maps to exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-40420 (same product: Microsoft 365 Apps)
CVE-2026-40418 (same product: Microsoft 365 Apps)
CVE-2025-54910 (same product: Microsoft 365 Apps)
CVE-2026-40419 (same product: Microsoft 365 Apps)
CVE-2026-20953 (same product: Microsoft 365 Apps)
CVE-2025-49696 (same product: Microsoft 365 Apps)
CVE-2026-26113 (same product: Microsoft 365 Apps)
CVE-2026-40358 (same product: Microsoft 365 Apps)
CVE-2026-33825 (same vendor: Microsoft)
CVE-2025-21392 (same product: Microsoft 365 Apps)

Affected Assets

Vendor     Product                               Versions
microsoft  365 apps                              all versions
microsoft  office                                2019
microsoft  office long term servicing channel    2021, 2024

Mitigating Controls

Likely Mitigating Controls (AI mapping)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-1220: Use of granular security and privacy attributes enables finer access control than coarse permission models alone.

Addresses CWE-1220: Documenting interface characteristics enables more granular control over internal access.

Addresses CWE-1220: Requires the architecture to describe the granularity and placement of controls, preventing insufficiently fine-grained access decisions.

Addresses CWE-1220: Provides the necessary granularity by placing system management functions outside the reach of user-level access controls.

Addresses CWE-1220: Isolation supplies an explicit, enforceable granularity boundary between security and non-security functions that coarser access-control schemes lack.