Cyber Resilience

CVE-2026-40367

Severity: High · Updated

Published: 12 May 2026
Modified: 01 June 2026
KEV Added: (not listed)
Patch:
CVSS v3.1 Score: 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0045 (36.2nd percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-40367 is a high-severity Untrusted Pointer Dereference (CWE-822) vulnerability in Microsoft Office Long Term Servicing Channel. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE is ranked at the 36.2nd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1204.002 Malicious File (tactic: Execution)
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Untrusted pointer dereference in Word enables client-side RCE via malicious document (T1203 Exploitation for Client Execution + T1204.002 Malicious File).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-20948 · Same product: Microsoft 365 Apps
CVE-2025-24083 · Same product: Microsoft 365 Apps
CVE-2026-20955 · Same product: Microsoft 365 Apps
CVE-2026-26113 · Same product: Microsoft 365 Apps
CVE-2026-26112 · Same product: Microsoft 365 Apps
CVE-2025-21381 · Same product: Microsoft 365 Apps
CVE-2025-21363 · Same product: Microsoft 365 Apps
CVE-2026-20956 · Same product: Microsoft 365 Apps
CVE-2025-24079 · Same product: Microsoft 365 Apps
CVE-2026-40364 · Same product: Microsoft 365 Apps

Affected Assets

vendor · product · version(s)
microsoft · 365 apps · all versions
microsoft · office · 2019
microsoft · office long term servicing channel · 2021, 2024
microsoft · sharepoint server · 2016, 2019 · ≤ 16.0.19725.20280
microsoft · word · 2016

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.