CVE-2026-20944:

Out-of-bounds read vulnerability in Microsoft Office Word enables local code execution.

Score
A numerical rating that indicates how dangerous this vulnerability is.

8.4High

Published Date:Jan 13, 2026
CISA KEV Date:*No Data*
Industries Affected:20

Threat Predictions

EPSS Score:0.0
EPSS Percentile:8%

Exploitability

Score:2.5
Attack Vector:LOCAL
Attack Complexity:LOW
Privileges Required:NONE
User Interaction:NONE
Scope:UNCHANGED

Impact

Score:5.9
Confidentiality Impact:HIGH
Integrity Impact:HIGH
Availability Impact:HIGH

Description Preview

Out-of-bounds read vulnerability in Microsoft Office Word enables local code execution.

Overview

The vulnerability (CVE-2026-20944) in Microsoft Office Word is classified as an out-of-bounds read issue, corresponding to CWE-125. It has a CVSS v3.1 base score of 8.4, indicating high severity. The attack vector is local, with low attack complexity and no privileges required. The vulnerability can lead to high impacts on confidentiality, integrity, and availability. Exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system, potentially leading to full system compromise.

Remediation

While specific remediation details are not provided in the CVE information, general best practices for addressing such vulnerabilities include:
1. Apply the latest security updates from Microsoft as soon as they become available.
2. Implement the principle of least privilege to limit potential damage from exploits.
3. Use application whitelisting to prevent unauthorized code execution.
4. Employ endpoint detection and response (EDR) solutions to detect and prevent exploitation attempts.
5. Regularly backup important data to mitigate potential data loss from successful attacks.
Users and administrators should monitor Microsoft's official channels for specific patch information and apply updates promptly when released.