CVE-2026-41101: Microsoft Word for Android Spoofing Vulnerability

Overview

Severity

High (CVSS 7.1)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C

Category

Spoofing

Exploit Status

Not Exploited

Exploitation Likelihood

Unlikely

Patch Tuesday

2026-May

Released

2026-05-12

Description

Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.

FAQ

Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.

Affected Products (1)

Apps

• Microsoft Word for Android

Security Updates (1)

• Release Notes

Acknowledgments

<a href="https://twitter.com/yanir_">Yanir Tsarimi</a>

Revision History

• 2026-05-12: Information published.