CVE-2026-42832: Microsoft Office Spoofing Vulnerability

Overview

Severity

High (CVSS 7.7)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C

Category

Spoofing

Exploit Status

Not Exploited

Exploitation Likelihood

Unlikely

Patch Tuesday

2026-May

Released

2026-05-12

Description

Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.

FAQ

Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.

Affected Products (4)

Apps

• Microsoft Word for Android

Microsoft Office

• Microsoft Excel for Android
• Microsoft Office LTSC for Mac 2021
• Microsoft Office LTSC for Mac 2024

Security Updates (3)

• Release Notes
• Release Notes
• Release Notes

Acknowledgments

<a href="https://twitter.com/yanir_">Yanir Tsarimi</a>

Revision History

• 2026-05-12: Information published.