CVE-2026-42831EXPLOITEDPATCHED

Microsoft · Microsoft Office for Android

Microsoft Office Remote Code Execution Vulnerability

Description

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Affected Products

Vendor	Product	Versions
Microsoft	Microsoft Office for Android	16.0.1, 16.0.1, 16.0.0, 16.108.26041219

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
microsoft	microsoft office ltsc for mac	mitre_affected	90%

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42831(vendor-advisory, patch)

Related News (5 articles)

Tier C

Cisco Talos3h ago

Microsoft Patch Tuesday for May 2026 — Snort rules and prominent vulnerabilities

→ No new info (linked only)

Tier C

Qualys Blog3h ago

Microsoft and Adobe Patch Tuesday, May 2026 Security Update Review

→ No new info (linked only)

Tier C

VulDB5h ago

CVE-2026-42831 | Microsoft Office up to 16.108.26041219 heap-based overflow

→ No new info (linked only)

Tier D

BleepingComputer5h ago

Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days

→ No new info (linked only)

Tier A

Microsoft MSRC9h ago

CVE-2026-42831 Microsoft Office Remote Code Execution Vulnerability

→ No new info (linked only)

CVSS 3.17.8 CRITICAL

VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

16.0.19822.2019016.109.26051019

CWECWE-122

PublishedMay 12, 2026

Last enriched4h agov4

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-41103EXP

Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability

Trending: 79

CRITICALCVE-2026-33844EXP

Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability

Trending: 76

HIGHCVE-2026-26129EXP

M365 Copilot Information Disclosure Vulnerability

Trending: 75

CRITICALCVE-2026-33109EXP

Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability

Trending: 73

CRITICALCVE-2026-42898EXP

Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

Trending: 73

Pin to Dashboard

Verification

State: verified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 12, 2026

Discovered by ZDM

May 12, 2026

Updated: description, exploitAvailable, activelyExploited

May 12, 2026

Actively Exploited

May 12, 2026

Exploit Available

May 12, 2026

Patch Available

May 12, 2026

Updated: tags

May 12, 2026

Updated: affectedVersions, severity

May 12, 2026

Version History

Last enriched 4h ago

v4Tier C4h ago

Updated severity to CRITICAL, added new affected version 16.108.26041219, and noted that no exploit is available.

affectedVersionsseverity

via VulDB

v3Tier D5h ago

Updated severity to CRITICAL, set patchAvailable to null, and added new tag 'Remote Code Execution'.