cve-2026-44821

CVE-2026-44821 is a Microsoft Office information disclosure vulnerability rated Important, disclosed on June 9, 2026. It stems from an out-of-bounds read that can expose small portions of heap memory when a user opens a malicious Office file. The flaw is not publicly disclosed or known to be exploited, and Microsoft assesses exploitation as less likely. However, the CVSS vector indicates a sharper risk than the headline score suggests. This is not a wormable vulnerability but a document-borne memory leak that defenders should not underestimate, as it could become part of a longer attack chain. The tag covers discussions on patching, Mac delays, and securing SharePoint against this issue.