CVE-2026-40364
High
Published: 12 May 2026
Published
12 May 2026
Modified
12 May 2026
KEV Added
—
Patch
—
CVSS Score
8.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
N/A
Risk Priority
17
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2026-40364 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability. Its CVSS base score is 8.4 (High).
Operationally, it is not currently listed in the CISA KEV catalog.
NVD Description
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Deeper analysisAI
Automated synthesis unavailable for this CVE.
Details
- CWE(s)