🟠 High | Source: Microsoft Security Response Center
CVE-2026-45460 is an information disclosure vulnerability affecting Microsoft Office for Android. Exploitation could allow an attacker to access sensitive data that should otherwise be protected within the application. Microsoft has released a security update and users of the affected Android app should apply it promptly.
Security Architect’s Take: Ensure your mobile device management (MDM) or MAM policy enforces automatic app updates for Microsoft Office on Android, and verify that managed devices are running the patched version. Consider reviewing data classification policies to limit the sensitivity of data accessible via mobile Office clients until patching is confirmed.
Original advisory: CVE-2026-45460 Microsoft Office Information Disclosure Vulnerability