Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
AnalysisAI
Microsoft Excel memory corruption via use-after-free enables arbitrary code execution when victims open malicious spreadsheet files. This vulnerability affects all major Office deployments including Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, and Office LTSC 2021/2024 for both Windows and macOS, as well as Office Online Server. Attackers require user interaction to open a crafted file, but no authentication is needed (CVSS PR:N), making this exploitable through phishing or file-sharing attacks. Vendor patches are available through Microsoft Security Response Center. No public exploit or active exploitation confirmed at time of analysis, though the straightforward attack vector (local file + user click) and high impact (code execution with full system privileges) warrant prompt patching.
Technical ContextAI
Use-after-free vulnerabilities (CWE-416) occur when software continues to reference memory after it has been deallocated, creating a window where attackers can manipulate freed memory to redirect program execution. In Excel's case, this likely involves document parsing routines that improperly manage object lifecycles when processing specially-crafted spreadsheet elements (formulas, embedded objects, or structured data). The vulnerability spans Microsoft's entire Office ecosystem: perpetual licenses (Excel 2016, Office 2019, Office LTSC 2021/2024), subscription services (Microsoft 365 Apps for Enterprise), cross-platform deployments (Office LTSC for Mac 2021/2024), and server infrastructure (Office Online Server). The CPE enumeration indicates consistent vulnerability across the Office codebase suggesting a shared component or library is affected, possibly in the OOXML parsing layer or OLE object handling routines that are reused across products.
RemediationAI
Apply security updates immediately through Windows Update, Microsoft Update, or Office Update mechanisms depending on deployment model. For Microsoft 365 Apps for Enterprise, Office 2019, Office LTSC 2021, and Office LTSC 2024 on Windows, follow patching guidance at https://aka.ms/OfficeSecurityReleases. For Excel 2016, upgrade to version 16.0.5548.1000 or later. For Office LTSC for Mac 2021 and 2024, update to version 16.108.26041219 or later. For Office Online Server, deploy version 16.0.10417.20113 or newer. Enterprise administrators should prioritize systems handling external Excel documents and deploy updates through existing patch management infrastructure (WSUS, SCCM, Intune). As interim mitigation until patching completes, enforce Protected View for files from Internet and untrusted sources, disable macros by default, and educate users to verify sender identity before opening unsolicited Excel files. Full remediation details available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32189.
Same weakness CWE-416 – Use After Free
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22569
GHSA-9p74-5f5x-rgfp