High Severity Vulnerability
This vulnerability has been rated as High severity. Immediate action is recommended.
CVE-2026-20948
High
Low
Medium
High
Critical
7.8
CVSS Score
Vulnerability Description
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
L
Attack Complexity
L
Privileges Required
N
User Interaction
R
Scope
U
Confidentiality
H
Integrity
H
Availability
H
Known Affected Software
7 configuration(s) from 1 vendor(s)
office_long_term_servicing_channel
Version:
2024
CPE:
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*
office_long_term_servicing_channel
Version:
2021
CPE:
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*
office
Version:
2019
CPE:
cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:x64:*
sharepoint_server
Version:
2016
CPE:
cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*
word
Version:
2016
CPE:
cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:x86:*
sharepoint_server
Version:
2019
CPE:
cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*
365_apps
Version:
-
CPE:
cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*
This vulnerability affects 7 software configuration(s). Ensure you patch all affected systems.
Severity Details
7.8
out of 10.0
High
Weakness Type (CWE)
CWE-822
Untrusted Pointer Dereference
- Description
- The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.
- Typical Severity
- High
- Abstraction Level
- Base
Key Information
- Published Date
- January 13, 2026
