Skip to main content

Microsoft EUVDEUVD-2026-22361

| CVE-2026-23657 HIGH
Use After Free (CWE-416)
2026-04-14 microsoft
7.8
CVSS 3.1 · NVD
Temporal: 6.8
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
ENISA EUVD
HIGH
qualitative
CIRCL (temporal)
6.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 19:25 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22361
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:57 nvd
HIGH 7.8

DescriptionCVE.org

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

AnalysisAI

Local code execution in Microsoft Office Word via use-after-free memory corruption affects Microsoft 365 Apps for Enterprise and Office LTSC 2024. Unauthenticated attackers can achieve full system compromise (confidentiality, integrity, availability) by inducing users to open specially crafted Word documents, triggering memory reuse vulnerabilities during document parsing. Vendor patch available via Microsoft Security Response Center. No public exploit identified at time of analysis, though CVSS 7.8 indicates high severity when user interaction occurs.

Technical ContextAI

This vulnerability stems from a use-after-free condition (CWE-416) in Microsoft Word's document processing engine. Use-after-free vulnerabilities occur when application code continues to reference memory after it has been deallocated, allowing attackers to manipulate freed memory regions and redirect program execution flow. The affected products per CPE strings are Microsoft 365 Apps for Enterprise (version 16.0.1 and earlier) and Microsoft Office LTSC 2024 (version 16.0.0 and earlier), both using the shared Office document rendering infrastructure. The local attack vector indicates exploitation requires the malicious document to be opened on the target system, rather than remote network-based exploitation. Tags indicate this can cause memory corruption leading to denial of service or arbitrary code execution depending on exploitation technique.

RemediationAI

Apply security updates provided by Microsoft through the official Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23657. Organizations using Microsoft 365 Apps for Enterprise should update beyond version 16.0.1, and those using Office LTSC 2024 should update beyond version 16.0.0, with specific patched versions detailed at https://aka.ms/OfficeSecurityReleases. Enable automatic updates for Microsoft Office products where feasible to ensure timely patch deployment. As interim mitigation until patches are applied, implement strict controls on opening Word documents from untrusted sources, enforce Protected View settings in Word to sandbox potentially malicious documents, and deploy email gateway filtering to block suspicious Office file attachments. Application whitelisting and endpoint detection solutions can provide additional defense-in-depth layers by detecting abnormal behavior from Word processes.

Share

EUVD-2026-22361 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy