How severe is CVE-2024-38226?

CVE-2024-38226 has a CVSS v3 score of 7.3 (HIGH).

CVE-2024-38226

Name: publisher
Author: microsoft

7.3HIGH

Microsoft Publisher Security Feature Bypass Vulnerability

Published: 9/10/2024Updated: 10/28/2025

CISA Known Exploited Vulnerability

Microsoft Publisher contains a protection mechanism failure vulnerability that allows attacker to bypass Office macro policies used to block untrusted or malicious files.

Required Action:

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Due Date:

2024-10-01

Description

Microsoft Publisher Security Feature Bypass Vulnerability

AI AnalysisPowered by AI

Affected Products

microsoftoffice_2019

microsoftoffice_long_term_servicing_channel

2021

microsoftoffice_long_term_servicing_channel

2021

microsoftpublisher

2016

microsoftpublisher

2016

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38226
PatchVendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38226
US Government Resource