CVE-2026-40364

CVSS Score & Metrics

Base Score

8.4 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H                                    

Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Published Date

May 12, 2026

Last Modified

May 19, 2026

CWE ID

CWE-122

Source

NVD

Vendor

microsoft

Product

365_apps