CVE-2026-55018
Microsoft Office Remote Code Execution Vulnerability
Description
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
In plain language
AI Act nowThis is a Microsoft Office bug that could let someone run malicious code on your computer if you open a specially made Office file; if you handle emails or downloads, you should update promptly.
A use-after-free in Microsoft Office can lead to local arbitrary code execution when a user opens a crafted malicious Office document; it requires no login, but does require user interaction (opening the file).
What to do now
- Check which Microsoft Office product and version your devices run (Windows: Microsoft 365 Apps/Microsoft Office; macOS: Microsoft Office 365 for Mac, Microsoft Office LTSC for Mac 2021, Microsoft Office LTSC for Mac 2024).
- If you have Microsoft Office (Windows), update to version 16.0.5561.1000 or later.
- If you have Microsoft 365 Apps (Windows), update using Microsoft’s Office security releases guidance at https://aka.ms/OfficeSecurityReleases until your build is on the fixed line.
- If you use Microsoft Office 365 for Mac or either LTSC for Mac (2021/2024), update all affected Macs to 16.111.26071215.
- After updating, be extra cautious with email attachments and downloaded Office documents until users confirm they’re on the fixed versions.
CVSS Vector Breakdown
AV:LAttack VectorAC:LAttack ComplexityPR:NPrivileges RequiredUI:RUser InteractionS:UScopeC:HConfidentialityI:HIntegrityA:HAvailabilityWeaknesses
Affected Products
Exploitability
Attack Graph
Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/⌘ + scroll to zoom, or go fullscreen.
MITRE ATT&CK
2 techniquesReferences
- Microsoft and Adobe Patch Tuesday, July 2026 Security Update Reviewen-us·Qualys Security Blog·
- Microsoft Patch Tuesday for July 2026 — Snort rules and prominent vulnerabilitiesen·Cisco Talos·
- Microsoft Patch Tuesday July 2026 - The AI Acopolypse is Hereen·SANS Internet Storm Center·
- Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-daysen-us·BleepingComputer·
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2026-55018 and every CVE in our database. Create a free account — no credit card required.
Create Free Account