Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to vulnerabilities
High

Type Confusion RCE in Microsoft Office

IdentifiersCVE-2026-26110CWE-843· Access of Resource Using…

CVE-2026-26110 is a critical Microsoft Office vulnerability caused by access of a resource using an incompatible type (type confusion). Microsoft and multiple supporting reports describe the flaw as enabling code execution locally, with the issue affecting Microsoft Office across Windows, macOS, and Android, including Office 2016, Office 2019, Microsoft 365 Apps for Enterprise, Office LTSC 2021/2024, and Office for Android. The vulnerability is associated with CVSS v3.1 vector AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H and a base score of 8.4. Available reporting indicates the flaw can be triggered by a malicious Office document and that the Windows File Explorer or Office/Outlook Preview Pane is a viable attack vector, meaning code execution may occur when the victim merely previews the malicious content rather than fully opening it. The underlying memory-safety issue can result in improper type handling and unintended memory access, leading to arbitrary code execution in the context of the affected application.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can result in arbitrary code execution on the victim system in the security context of the affected Office application and user. Given the high confidentiality, integrity, and availability impacts reflected in the CVSS vector, an attacker could use the flaw to run malicious payloads, compromise the endpoint, steal data, deploy follow-on malware, or establish an initial foothold for lateral movement. Reporting also notes that Preview Pane-triggered exploitation materially increases operational risk because a malicious document may execute code with minimal victim action.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, disable the Windows File Explorer/Office Preview Pane to reduce exposure to preview-triggered exploitation. Additionally, restrict or block Office documents from untrusted sources until updates are deployed. These are temporary risk-reduction measures only and do not replace vendor patching.

Remediation

Patch, then assume compromise.

Apply Microsoft's March 10, 2026 security updates for all affected Microsoft Office products. Remediation is available through the normal Microsoft update channels, including Click-to-Run updates for supported Windows Office and Microsoft 365 Apps for Enterprise editions, release-note-based updates for supported Mac editions, update package 5002838 for affected Office 2016 installations, and Google Play updates for Office on Android. Organizations should ensure all affected Office versions on Windows, macOS, and Android are brought to the patched build levels referenced by Microsoft.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
Microsoft Corporation365 Appsapplication
Microsoft Corporation365 Copilotapplication
Microsoft CorporationOfficeapplication
Microsoft CorporationOffice 2016application
Microsoft CorporationOffice 2019application
Microsoft CorporationOffice 2021application
Microsoft CorporationOffice 2024application
Microsoft CorporationOffice Long Term Servicing Channelapplication
Microsoft CorporationOffice Macos 2021application
Microsoft CorporationOffice Macos 2024application

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

29 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

29 SOURCESView more in app
cyber security newsNews
Mar 12, 2026
Critical Microsoft Office Vulnerability Enables Remote Code Execution Attacks

A Microsoft Office type-confusion vulnerability that can lead to code execution (described as RCE/ACE), including via Windows Explorer Preview Pane rendering of a malicious document.

Read more
bank info securityNews
Mar 12, 2026
Breach Roundup: Russian State Actors Target Signal, WhatsApp

A critical remote code execution vulnerability in Microsoft Office that can be triggered by viewing a malicious message in the Preview Pane.

Read more
govinfosecurityNews
Mar 12, 2026
Breach Roundup: Russian State Actors Target Signal, WhatsApp

A critical remote code execution vulnerability in Microsoft Office that can be triggered by viewing a malicious message in the Preview Pane.

Read more
techrepublic com securityNews
Mar 11, 2026
Patch Alert: Microsoft Fixes Nearly 80 Bugs, Including Critical Office Flaws

Microsoft Office remote code execution triggered by viewing a malicious document in the Preview Pane (memory handling issue).

Read more
+14 more in the timeline
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity10

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2026-26110
NVD
nvd.nist.gov/vuln/detail/CVE-2026-26110
MITRE CWE · CWE-843
Access of Resource Using Incompatible Type…
Vendor Advisory
msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26110