CVE-2026-45458EXPLOITEDPATCHED

microsoft · microsoft 365 apps for enterpri

Microsoft Outlook and Word Remote Code Execution Vulnerability

Description

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Affected Products

Vendor	Product	Versions
microsoft	microsoft 365 apps for enterpri	16.0.1, 19.0.0, -, 16.0.1, 16.0.0, -, -, 16.0.0, 16.0.0, 16.0.0, 16.0.1

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45458(vendor-advisory, patch)

Related News (3 articles)

Tier C

Qualys Blog1h ago

Microsoft and Adobe Patch Tuesday, June 2026 Security Update Review

→ No new info (linked only)

Tier C

VulDB4h ago

CVE-2026-45458 | Microsoft Outlook/Word prior 16.0.10417.20137 use after free

→ No new info (linked only)

Tier A

Microsoft MSRC8h ago

CVE-2026-45458 Microsoft Outlook and Word Remote Code Execution Vulnerability

→ No new info (linked only)

CVSS 3.18.4 HIGH

VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

https://aka.ms/OfficeSecurityReleases16.0.5556.100516.0.10417.2015316.0.19725.2038416.0.5556.1000

CWECWE-416

PublishedJun 9, 2026

Last enriched4h agov2

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-41091EXPKEV

Microsoft Defender Elevation of Privilege Vulnerability

Trending: 158

HIGHCVE-2026-33825EXPKEV

Microsoft Defender Elevation of Privilege Vulnerability

Trending: 158

MEDIUMCVE-2026-45498EXPKEV

Microsoft Defender Denial of Service Vulnerability

Trending: 144

CRITICALCVE-2026-41089EXPKEV

Windows Netlogon Remote Code Execution Vulnerability

Trending: 106

MEDIUMCVE-2026-45585EXP

Windows BitLocker Security Feature Bypass Vulnerability

Trending: 96

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 9, 2026

Discovered by ZDM

Jun 9, 2026

Updated: description, severity, activelyExploited, tags

Jun 9, 2026

Actively Exploited

Jun 9, 2026

Patch Available

Jun 9, 2026

Version History

Last enriched 4h ago

v2Tier C4h ago

Updated description with new technical details, changed severity to CRITICAL, and added CVE-2026-45458 as a new tag.

descriptionseverityactivelyExploitedtags

via VulDB

v15h ago

Initial creation