Skip to main content

Microsoft CVE-2026-32198

| EUVDEUVD-2026-22581 HIGH
Use After Free (CWE-416)
2026-04-14 microsoft
7.8
CVSS 3.1 · NVD
Temporal: 6.8
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
ENISA EUVD
HIGH
qualitative
CIRCL (temporal)
6.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 19:35 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22581
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:58 nvd
HIGH 7.8

DescriptionCVE.org

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

AnalysisAI

Use-after-free vulnerability in Microsoft Office Excel enables local code execution when users open maliciously crafted Excel files. Affects all major Office versions including Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024 (Windows and Mac), and Office Online Server. Attack requires no authentication (PR:N) but demands user interaction (opening a weaponized document). CVSS 7.8 (High) reflects significant impact potential (code execution with high confidentiali

Technical ContextAI

This vulnerability represents a CWE-416 use-after-free memory corruption flaw in Excel's file parsing engine. Use-after-free conditions occur when application code continues referencing memory after it has been deallocated, allowing attackers to manipulate freed memory regions and redirect program execution flow. The affected CPE scope indicates the vulnerability exists across Microsoft's entire Office product ecosystem spanning perpetual licenses (Excel 2016, Office 2019), subscription-based deployments (Microsoft 365 Apps for Enterprise), volume licensing channels (Office LTSC 2021/2024 for Windows and macOS), and server-side rendering components (Office Online Server). The consistent version patterns across products suggest a shared codebase vulnerability in Excel's document processing library, likely within format parsing routines that handle legacy .xls or modern .xlsx file structures. The memory corruption class enables arbitrary code execution when Excel processes specially crafted spreadsheet elements that trigger the use-after-free condition during object lifecycle management.

RemediationAI

Apply vendor-released security updates immediately from Microsoft Security Response Center. For Microsoft Excel 2016, upgrade to version 16.0.5548.1000 or later. For Office Online Server, deploy version 16.0.10417.20113 or later. For Office LTSC 2021/2024 on macOS, upgrade to version 16.108.26041219 or later. For Office 2019, Office LTSC 2021/2024 on Windows, and Microsoft 365 Apps for Enterprise, consult the version-specific patch matrix at https://aka.ms/OfficeSecurityReleases and deploy through Windows Update, Microsoft Update, or enterprise patch management systems. As interim mitigation where immediate patching is not feasible, enforce Office Protected View for files from untrusted sources, block Excel file attachments at email gateways, and educate users on risks of opening unsolicited spreadsheet documents. Disable macros and ActiveX controls organization-wide unless business-critical. For Office Online Server deployments, consider network segmentation to limit exposure until patches are applied. Full remediation guidance at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32198.

Share

CVE-2026-32198 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy