Back to search

Microsoft

Microsoft 365 Apps for Windows (Office 365)

See the latest tracked release, confirm when it was published, and subscribe for update emails.

Monthly Enterprise Channel Current train Current Channel Switch to this train Semi-Annual Enterprise Channel Switch to this train
Current version
Last checked: yesterday

2603 (19822.20180)

Release date
April 14, 2026
CVE status
25 visible CVEs

Source

Vendor Release Information

Public release notes are linked for the latest stored release.

View release notes Subscribe to updates

Release history

See the latest published releases stored for this product.

Version Published Notes
2603 (19822.20180) 2026-04-14 Release Notes
2602 (19725.20170) 2026-03-10 Release Notes

Vulnerability tracking

Review curated CVEs for this product and see whether the current version is marked affected. Only CVEs with a CVSS score of 7.0 or higher and published in the last 90 days are shown.

CVE Severity Published Status Summary
CVE-2026-33115 HIGH (8.4) 2026-04-14 Current versionunclear

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Affected versions
  • From (including) 16.0.1 - Up to (excluding) https://aka.ms/OfficeSecurityReleases
  • From (including) 16.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases
Show 2 more
  • From (including) 16.0.1 - Up to (excluding) 16.108.26041219
  • From (including) 16.0.0 - Up to (excluding) 16.108.26041219
CVE-2026-33114 HIGH (8.4) 2026-04-14 Current versionunclear

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Affected versions
  • From (including) 16.0.1 - Up to (excluding) https://aka.ms/OfficeSecurityReleases
  • From (including) 16.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases
Show 2 more
  • From (including) 16.0.1 - Up to (excluding) 16.108.26041219
  • From (including) 16.0.0 - Up to (excluding) 16.108.26041219
CVE-2026-33095 HIGH (7.8) 2026-04-14 Current versionunclear

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Affected versions
  • From (including) 16.0.1 - Up to (excluding) https://aka.ms/OfficeSecurityReleases
  • From (including) 16.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases
Show 2 more
  • From (including) 16.0.1 - Up to (excluding) 16.108.26041219
  • From (including) 16.0.0 - Up to (excluding) 16.108.26041219
CVE-2026-32200 HIGH (7.8) 2026-04-14 Current versionunclear

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

Affected versions
  • From (including) 16.0.1 - Up to (excluding) https://aka.ms/OfficeSecurityReleases
  • From (including) 19.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases
Show 1 more
  • From (including) 16.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases
CVE-2026-32199 HIGH (7.8) 2026-04-14 Current versionunclear

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Affected versions
  • From (including) 16.0.1 - Up to (excluding) https://aka.ms/OfficeSecurityReleases
  • From (including) 19.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases
Show 4 more
  • From (including) 16.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases
  • From (including) 16.0.1 - Up to (excluding) 16.108.26041219
  • From (including) 16.0.0 - Up to (excluding) 16.108.26041219
  • From (including) 16.0.0.0 - Up to (excluding) 16.0.10417.20113
CVE-2026-32198 HIGH (7.8) 2026-04-14 Current versionunclear

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Affected versions
  • From (including) 16.0.1 - Up to (excluding) https://aka.ms/OfficeSecurityReleases
  • From (including) 19.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases
Show 4 more
  • From (including) 16.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases
  • From (including) 16.0.1 - Up to (excluding) 16.108.26041219
  • From (including) 16.0.0 - Up to (excluding) 16.108.26041219
  • From (including) 16.0.0.0 - Up to (excluding) 16.0.10417.20113
CVE-2026-32197 HIGH (7.8) 2026-04-14 Current versionunclear

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Affected versions
  • From (including) 16.0.1 - Up to (excluding) https://aka.ms/OfficeSecurityReleases
  • From (including) 19.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases
Show 4 more
  • From (including) 16.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases
  • From (including) 16.0.1 - Up to (excluding) 16.108.26041219
  • From (including) 16.0.0 - Up to (excluding) 16.108.26041219
  • From (including) 16.0.0.0 - Up to (excluding) 16.0.10417.20113
CVE-2026-32190 HIGH (8.4) 2026-04-14 Current versionunclear

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Affected versions
  • From (including) 16.0.1 - Up to (excluding) https://aka.ms/OfficeSecurityReleases
  • From (including) 16.0.0 - Up to (excluding) 16.0.5548.1000
Show 4 more
  • From (including) 19.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases
  • From (including) 16.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases
  • From (including) 16.0.1 - Up to (excluding) 16.108.26041219
  • From (including) 16.0.0 - Up to (excluding) 16.108.26041219
CVE-2026-32189 HIGH (7.8) 2026-04-14 Current versionunclear

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Affected versions
  • From (including) 16.0.1 - Up to (excluding) https://aka.ms/OfficeSecurityReleases
  • From (including) 19.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases
Show 4 more
  • From (including) 16.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases
  • From (including) 16.0.1 - Up to (excluding) 16.108.26041219
  • From (including) 16.0.0 - Up to (excluding) 16.108.26041219
  • From (including) 16.0.0.0 - Up to (excluding) 16.0.10417.20113
CVE-2026-32188 HIGH (7.1) 2026-04-14 Current versionunclear

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Affected versions
  • From (including) 16.0.1 - Up to (excluding) https://aka.ms/OfficeSecurityReleases
  • From (including) 19.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases
Show 4 more
  • From (including) 16.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases
  • From (including) 16.0.1 - Up to (excluding) 16.108.26041219
  • From (including) 16.0.0 - Up to (excluding) 16.108.26041219
  • From (including) 16.0.0.0 - Up to (excluding) 16.0.10417.20113
CVE-2026-23657 HIGH (7.8) 2026-04-14 Current versionunclear

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Affected versions
  • From (including) 16.0.1 - Up to (excluding) https://aka.ms/OfficeSecurityReleases
  • From (including) 16.0.0 - Up to (excluding) https://aka.ms/OfficeSecurityReleases
CVE-2026-26144 HIGH (7.5) 2026-03-10 Current versionunclear Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
CVE-2026-26134 HIGH (7.8) 2026-03-10 Current versionunclear

Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally.

Affected versions
  • Up to (excluding) 16.0.19822.20000
CVE-2026-26113 HIGH (8.4) 2026-03-10 Current versionunclear

Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.

Affected versions
  • 2016
  • 2019
CVE-2026-26112 HIGH (7.8) 2026-03-10 Current versionunclear

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Affected versions
  • 2019
CVE-2026-26110 HIGH (8.4) 2026-03-10 Current versionunclear

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Affected versions
  • Up to (excluding) 16.0.19822.20000
CVE-2026-26109 HIGH (8.4) 2026-03-10 Current versionunclear

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Affected versions
  • 2019
CVE-2026-26108 HIGH (7.8) 2026-03-10 Current versionunclear

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Affected versions
  • 2019
CVE-2026-26107 HIGH (7.8) 2026-03-10 Current versionunclear

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Affected versions
  • 2019
CVE-2026-24285 HIGH (7.0) 2026-03-10 Current versionunclear

Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.

Affected versions
  • Up to (excluding) 16.0.19822.20000
CVE-2026-21514 HIGH (7.8) 2026-02-10 Current versionunclear Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-21511 HIGH (7.5) 2026-02-10 Current versionunclear

Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

Affected versions
  • 2019
CVE-2026-21260 HIGH (7.5) 2026-02-10 Current versionunclear

Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

Affected versions
  • 2019
CVE-2026-21259 HIGH (7.8) 2026-02-10 Current versionunclear

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.

Affected versions
  • 2019
CVE-2026-21509 HIGH (7.8) 2026-01-26 Current versionunclear

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

Affected versions
  • 2016
  • 2019