Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

SharePoint Untrusted Pointer Dereference Vulnerability (CVE-2026-40367)

Description

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Remediation

References

Related Vulnerabilities

WordPress Plugin Reusable Blocks Extended Cross-Site Request Forgery (0.9)

WordPress Plugin Poll Maker SQL Injection (3.2.0)

WordPress Plugin CloudFlare Multiple Cross-Site Scripting Vulnerabilities (1.3.20)

Oracle HTTP Server Out-of-bounds Read Vulnerability (CVE-2020-26185)

WordPress Plugin Shortcode Factory Local File Inclusion (2.7)

Severity

High

Classification

CVE-2026-40367 CWE-822 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities