CVE-2026-45463
Published: 09 June 2026
Summary
CVE-2026-45463 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Microsoft Office 2021. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks at the 25.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-35543
Vulnerability details
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A heap buffer overflow in Office directly enables arbitrary code execution via a malicious document, mapping to T1203 Exploitation for Client Execution.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.