M365 Change Tracker

← All changes · security · CVE-2026-40367

CVE-2026-40367CriticalMonitor

Microsoft Word Remote Code Execution Vulnerability

Severity Critical  ·  Urgency Monitor

Why it matters: Critical severity (CVSS 8.4)

Remote Code Execution · Critical · CVSS 8.4. Affects: SharePoint Server, Microsoft Office, Microsoft 365 Apps, Microsoft Office LTSC for Mac, Microsoft Office LTSC, Microsoft Word.

CVSS 8.4EPSS 0.5%Update published 2026-06-23Source updated 2026-06-23KB5002868NVD

Affected: SharePoint Server, Microsoft Office, Microsoft 365 Apps, Microsoft Office LTSC for Mac, Microsoft Office LTSC, Microsoft Word

Change history

2026-06-23 · First seen

View at Microsoft →