
CVE-2026-35440

Medium
CWE-552 — Weakness Type
Published: May 12, 2026  ·  Modified: May 15, 2026  ·  Source: NVD
CVSS v3
5.5
🔗 NVD Official
📄 Description (English)

Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

🤖 AI Executive Summary

CVE-2026-35440 is a medium-severity information disclosure vulnerability in Microsoft Office Word that allows unauthorized local access to files and directories. The weakness is files or directories being accessible to external parties (CWE-552), which can expose sensitive documents and data to a local, unprivileged attacker. While no public exploit is currently available and no patch has been released, the widespread use of Microsoft Office in Saudi organizations makes this a notable risk requiring immediate attention and compensating controls.

🤖 AI Intelligence Analysis Analyzed: May 26, 2026 04:33
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi banking sector (SAMA-regulated institutions), government agencies (NCA oversight), healthcare organizations (MOH), and energy sector (ARAMCO, Saudi Aramco subsidiaries). The local file access vulnerability could expose confidential financial records, government documents, patient data, and proprietary energy sector information. Telecom operators (STC, Mobily) and financial services firms are particularly vulnerable due to heavy reliance on Microsoft Office for document handling and data processing.
🏢 Affected Saudi Sectors
Banking and Financial Services; Government and Public Administration; Healthcare; Energy and Oil & Gas; Telecommunications; Insurance; Education; Legal Services
⚖️ Saudi Risk Score (AI)
6.2
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Inventory all Microsoft Office Word installations across the organization and document version numbers
2. Restrict local file system access permissions on shared drives and user directories according to the principle of least privilege
3. Disable unnecessary file sharing features and network discovery on workstations
4. Implement file access monitoring and logging for sensitive document directories

Compensating Controls (until patch available):
5. Apply NTFS permissions to restrict access to sensitive document folders to authorized users only
6. Use Windows AppLocker or similar tools to restrict Word execution to trusted locations
7. Enable Windows Defender Application Guard for Office applications
8. Implement Data Loss Prevention (DLP) policies to monitor and restrict access to sensitive files
9. Conduct regular file permission audits on systems containing sensitive data
10. Educate users on not opening Word documents from untrusted sources

Detection Rules:
11. Monitor for unusual file access patterns to document directories via Event ID 4663 (file access attempts)
12. Alert when the Word process accesses files outside the expected user profile directories
13. Track changes to NTFS permissions on sensitive document folders
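The following PowerShell is an added example, not part of this advisory, that implements detection rules 11 and 12 on a single host: it pulls Event ID 4663 records, keeps only those generated by WINWORD.EXE, and reports accesses outside an allow-list of expected roots. It assumes object access auditing is enabled and that the watched document folders carry an audit SACL, since 4663 is only logged for objects that have one; the $AllowedRoots default and the $Hours window are assumptions to tune per environment.

```powershell
# Added example (not from the advisory): list Event ID 4663 file accesses by WINWORD.EXE
# outside the expected roots. Requires object access auditing plus a SACL on the folders
# you care about; run from an elevated prompt (reading the Security log needs admin).
param(
    [int]$Hours = 24,
    # Roots where Word is expected to read files; everything else is reported. Assumed
    # defaults: user profiles, Office binaries, shared app data and the Windows folder.
    [string[]]$AllowedRoots = @(
        "$env:SystemDrive\Users",
        $env:ProgramFiles,
        ${env:ProgramFiles(x86)},
        $env:ProgramData,
        $env:SystemRoot
    ) | Where-Object { $_ }
)

$since  = (Get-Date).AddHours(-$Hours)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663; StartTime = $since } `
                       -ErrorAction SilentlyContinue

$findings = foreach ($ev in $events) {
    # 4663 fields live in EventData; flatten them into a name -> value table
    $xml  = [xml]$ev.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    # Rule 12: only the Word process is of interest here
    if ($data['ProcessName'] -notmatch '\\WINWORD\.EXE$') { continue }

    # Skip accesses under any allowed root (case-insensitive path prefix match)
    $object = [string]$data['ObjectName']
    $inAllowed = $false
    foreach ($root in $AllowedRoots) {
        if ($object.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) { $inAllowed = $true; break }
    }
    if ($inAllowed) { continue }

    [pscustomobject]@{
        Time    = $ev.TimeCreated
        User    = "$($data['SubjectDomainName'])\$($data['SubjectUserName'])"
        Object  = $object
        Access  = $data['AccessMask']   # hex mask, e.g. 0x1 = ReadData/ListDirectory
        Process = $data['ProcessName']
    }
}

$findings | Sort-Object Time | Format-Table -AutoSize
```

Expect some noise from templates, fonts and temp files on first run; extend $AllowedRoots with the paths your build legitimately uses rather than suppressing the rule.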
🔧 Remediation Steps (Arabic version, translated)
Immediate Actions:
1. Inventory all Microsoft Office Word installations across the organization and document the version numbers
2. Restrict local file system access permissions on shared drives and user folders according to the principle of least privilege
3. Disable unnecessary file sharing features and network discovery on workstations
4. Implement file access monitoring and logging for sensitive document folders

Compensating Controls (until a patch is available):
5. Apply NTFS permissions to restrict access to sensitive document folders to authorized users only
6. Use Windows AppLocker or similar tools to restrict Word execution to trusted locations
7. Enable Windows Defender Application Guard for Office applications
8. Implement Data Loss Prevention (DLP) policies to monitor and restrict access to sensitive files
9. Conduct regular file permission audits on systems containing sensitive data
10. Educate users not to open Word documents from untrusted sources

Detection Rules:
11. Monitor unusual access patterns to document folders via Event ID 4663
12. Alert on the Word process accessing files outside the expected user profile folders
13. Track changes to NTFS permissions on sensitive document folders
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Information security policies and procedures
A.6.1.1 - Access control policy
A.6.2.1 - User registration and de-registration
A.6.2.2 - User access provisioning
A.8.2.1 - Classification of information
A.8.2.3 - Handling of assets
🔵 SAMA CSF
ID.AM-2 - Software inventory
PR.AC-1 - Access control policy
PR.AC-3 - Access enforcement
PR.AC-4 - Access rights management
DE.CM-1 - Audit logging
🟡 ISO 27001:2022
6.1.1 - Screening
6.2.1 - Information security roles and responsibilities
6.5.1 - Information classification
8.1.1 - User endpoint devices
8.2.1 - Privileged access rights
8.2.2 - Information access restriction
8.3.1 - User password management
8.3.4 - Password management system
🟣 PCI DSS v4.0.1
Requirement 1.1 - Firewall configuration standards
Requirement 2.1 - Default security parameters
Requirement 6.2 - Security patches
Requirement 7.1 - Access control implementation
Requirement 10.2 - User access logging
📊 CVSS Score
5.5
/ 10.0 — Medium
📊 CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector: L (Local)
Attack Complexity: L (Low)
Privileges Required: N (None)
User Interaction: R (Required)
Scope: U (Unchanged)
Confidentiality: H (High)
Integrity: N (None)
Availability: N (None)
📋 Quick Facts
Severity: Medium
CVSS Score: 5.5
CWE: CWE-552
EPSS: 0.04%
Exploit: No
Patch: No
Published: 2026-05-12
Source Feed: nvd
🇸🇦 Saudi Risk Score
6.2
/ 10.0 — Saudi Risk
Priority: HIGH
🏷️ Tags
CWE-552