๐Ÿ” CVE Alert

CVE-2026-50387

HIGH 7.8

Windows GDI Elevation of Privilege Vulnerability

CVSS Score
7.8
EPSS Score
1.7%
EPSS Percentile
75th

Stack-based buffer overflow in Windows GDI allows an authorized attacker to elevate privileges locally.

Vendor microsoft
Product microsoft office 365 for mac
Ecosystems
Industries
TechnologyEnterprise
Published Jul 14, 2026
Last Updated Jul 16, 2026
Stay Ahead of the Next One

Get instant alerts for microsoft microsoft office 365 for mac

Be the first to know when new high vulnerabilities affecting microsoft microsoft office 365 for mac are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

Microsoft / Microsoft Office 365 for Mac
1.0.0 < 16.111.26071215
Microsoft / Microsoft Office for Android
16.0.1 < 16.0.20228.20042
Microsoft / Microsoft Office LTSC for Mac 2021
16.0.1 < 16.111.26071215
Microsoft / Microsoft Office LTSC for Mac 2024
16.0.0 < 16.111.26071215
Microsoft / Windows 10 Version 1607
10.0.14393.0 < 10.0.14393.9339
Microsoft / Windows 10 Version 1809
10.0.17763.0 < 10.0.17763.9020
Microsoft / Windows 10 Version 21H2
10.0.19044.0 < 10.0.19044.7548
Microsoft / Windows 10 Version 22H2
10.0.19045.0 < 10.0.19045.7548
Microsoft / Windows 11 Version 24H2
10.0.26100.0 < 10.0.26100.8875
Microsoft / Windows 11 Version 25H2
10.0.26200.0 < 10.0.26200.8875
Microsoft / Windows 11 version 26H1
10.0.28000.0 < 10.0.28000.2269
Microsoft / Windows Server 2012
6.2.9200.0 < 6.2.9200.26226
Microsoft / Windows Server 2012 (Server Core installation)
6.2.9200.0 < 6.2.9200.26226
Microsoft / Windows Server 2012 R2
6.3.9600.0 < 6.3.9600.23291
Microsoft / Windows Server 2012 R2 (Server Core installation)
6.3.9600.0 < 6.3.9600.23291
Microsoft / Windows Server 2016
10.0.14393.0 < 10.0.14393.9339
Microsoft / Windows Server 2016 (Server Core installation)
10.0.14393.0 < 10.0.14393.9339
Microsoft / Windows Server 2019
10.0.17763.0 < 10.0.17763.9020
Microsoft / Windows Server 2019 (Server Core installation)
10.0.17763.0 < 10.0.17763.9020
Microsoft / Windows Server 2022
10.0.20348.0 < 10.0.20348.5386
Microsoft / Windows Server 2025
10.0.26100.0 < 10.0.26100.33158
Microsoft / Windows Server 2025 (Server Core installation)
10.0.26100.0 < 10.0.26100.33158

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
msrc.microsoft.com: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50387