Microsoft
Microsoft 365 Apps for Windows (Office 365)
See the latest tracked release, confirm when it was published, and subscribe for update emails.
2604 (19929.20172)
- Release date
- May 14, 2026
- Security status
- 25 high-severity CVEs tracked in the last 90 days. Current version impact is unclear.
Source
Vendor Release Information
Public release notes are linked for the latest stored release.
Release history
See the latest published releases stored for this product.
| Version | Published | Notes |
|---|---|---|
| 2604 (19929.20172) | 2026-05-14 | Release Notes |
| 2604 (19929.20162) | 2026-05-12 | Release Notes |
| 2603 (19822.20180) | 2026-04-14 | Release Notes |
| 2602 (19725.20170) | 2026-03-10 | Release Notes |
Vulnerability tracking
versionPing monitors CVEs for this product. Matching CVEs are listed below. We only display CVEs with a CVSS score of 7.0 or higher that were published within the last 90 days.
Affected status is inferred from published affected version ranges where available. Always verify against the vendor advisory before making production decisions.
| CVE | Severity | Published | Status | Summary |
|---|---|---|---|---|
| CVE-2026-42832 | HIGH (7.7) | 2026-05-12 | Current versionunclear | Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally. Affected versions
|
| CVE-2026-42831 | HIGH (7.8) | 2026-05-12 | Current versionunclear | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. Affected versions
|
| CVE-2026-40420 | HIGH (8.8) | 2026-05-12 | Current versionunclear | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. Affected versions
|
| CVE-2026-40419 | HIGH (7.8) | 2026-05-12 | Current versionunclear | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. Affected versions
|
| CVE-2026-40418 | HIGH (7.8) | 2026-05-12 | Current versionunclear | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. Affected versions
|
| CVE-2026-40367 | HIGH (8.4) | 2026-05-12 | Current versionunclear | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. Affected versions
|
| CVE-2026-40366 | HIGH (8.4) | 2026-05-12 | Current versionunclear | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. Affected versions
|
| CVE-2026-40364 | HIGH (8.4) | 2026-05-12 | Current versionunclear | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. Affected versions
|
| CVE-2026-40363 | HIGH (8.4) | 2026-05-12 | Current versionunclear | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. Affected versions
|
| CVE-2026-40362 | HIGH (7.8) | 2026-05-12 | Current versionunclear | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Affected versions
|
| CVE-2026-40361 | HIGH (8.4) | 2026-05-12 | Current versionunclear | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Affected versions
|
| CVE-2026-40360 | HIGH (7.8) | 2026-05-12 | Current versionunclear | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. Affected versions
|
| CVE-2026-40359 | HIGH (7.8) | 2026-05-12 | Current versionunclear | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Affected versions
|
| CVE-2026-40358 | HIGH (8.4) | 2026-05-12 | Current versionunclear | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. Affected versions
|
| CVE-2026-35436 | HIGH (8.8) | 2026-05-12 | Current versionunclear | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. Affected versions
|
| CVE-2026-33115 | HIGH (8.4) | 2026-04-14 | Current versionunclear | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. Affected versions
Show 2 more
|
| CVE-2026-33114 | HIGH (8.4) | 2026-04-14 | Current versionunclear | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. Affected versions
Show 2 more
|
| CVE-2026-33095 | HIGH (7.8) | 2026-04-14 | Current versionunclear | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. Affected versions
Show 2 more
|
| CVE-2026-32200 | HIGH (7.8) | 2026-04-14 | Current versionunclear | Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. Affected versions
|
| CVE-2026-32199 | HIGH (7.8) | 2026-04-14 | Current versionunclear | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Affected versions
|
| CVE-2026-32198 | HIGH (7.8) | 2026-04-14 | Current versionunclear | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Affected versions
|
| CVE-2026-32197 | HIGH (7.8) | 2026-04-14 | Current versionunclear | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Affected versions
|
| CVE-2026-32190 | HIGH (8.4) | 2026-04-14 | Current versionunclear | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Affected versions
|
| CVE-2026-32189 | HIGH (7.8) | 2026-04-14 | Current versionunclear | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Affected versions
|
| CVE-2026-32188 | HIGH (7.1) | 2026-04-14 | Current versionunclear | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. Affected versions
|