Skip to main content

Microsoft CVE-2026-32197

| EUVDEUVD-2026-22579 HIGH
Use After Free (CWE-416)
2026-04-14 microsoft GHSA-3rjw-x5rf-9pp3
7.8
CVSS 3.1 · NVD
Temporal: 6.8
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
ENISA EUVD
HIGH
qualitative
CIRCL (temporal)
6.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 19:34 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22579
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:58 nvd
HIGH 7.8

DescriptionCVE.org

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

AnalysisAI

Use-after-free memory corruption in Microsoft Excel across Office 2016-2024 and Microsoft 365 enables local code execution when a user opens a malicious spreadsheet. Attackers must craft a weaponized Excel file and trick users into opening it, after which arbitrary code runs with the victim's privileges. No authentication is required, though user interaction is necessary. Exploitation probability remains moderate (CVSS 7.8) with no confirmed active exploitation (no CISA KEV listing) and no publi

Technical ContextAI

This vulnerability exploits CWE-416 (use-after-free), a class of memory corruption bugs where a program continues to reference memory after it has been freed. In Excel's parsing or rendering engine, specific spreadsheet structures trigger premature deallocation of memory objects that remain in use, allowing attackers to control the contents of freed memory regions. Subsequent operations on dangling pointers can redirect code execution to attacker-supplied payloads embedded in the malicious Excel file. Affected products span the entire modern Office ecosystem: Excel 2016 (versions prior to 16.0.5548.1000), Office 2019, Office LTSC 2021 and 2024 for both Windows and macOS (versions below 16.108.26041219 for Mac), Microsoft 365 Apps for Enterprise, and Office Online Server (versions before 16.0.10417.20113). The vulnerability resides in native code components shared across these platforms, making it a widespread cross-version issue affecting both perpetual-license and subscription-based deployments.

RemediationAI

Apply vendor-released patches immediately for all affected Office installations. For Excel 2016, upgrade to version 16.0.5548.1000 or later. For Office LTSC for Mac 2021 and 2024, upgrade to version 16.108.26041219 or later. For Microsoft Office 2019, Office LTSC 2021, Office LTSC 2024 for Windows, and Microsoft 365 Apps for Enterprise, apply the latest security updates available at https://aka.ms/OfficeSecurityReleases. For Office Online Server, upgrade to version 16.0.10417.20113 or later. Organizations unable to patch immediately should implement defense-in-depth controls including disabling Office macros by default, enabling Protected View for files from untrusted sources, deploying email attachment filtering to block suspicious Excel files, and training users to avoid opening spreadsheets from unknown senders. Detailed remediation guidance is published in Microsoft's Security Update Guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32197.

Share

CVE-2026-32197 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy