You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2026 40419
About this tag
CVE-2026-40419 is an Important-rated Microsoft Office Click-To-Run elevation-of-privilege vulnerability disclosed on May 12, 2026. It stems from a use-after-free flaw that can allow a locally authorized attacker to gain SYSTEM privileges after successful exploitation. Microsoft states the Preview Pane is not an attack vector and the vulnerability is not a remote drive-by Office document threat. However, local privilege escalation is often the second stage of a breach, and Office Click-To-Run is widely deployed, making this bug worth treating with discipline. The tag covers discussion of the vulnerability details, impact, and mitigation strategies for Windows enterprise environments.
Microsoft disclosed CVE-2026-40419 on May 12, 2026, as an Important-rated Microsoft Office Click-To-Run elevation-of-privilege vulnerability that stems from a use-after-free flaw and can allow a locally authorized attacker to gain SYSTEM privileges after applying a successful exploit. The...