Skip to main content

Microsoft EUVDEUVD-2026-22569

| CVE-2026-32189 HIGH
Use After Free (CWE-416)
2026-04-14 microsoft GHSA-9p74-5f5x-rgfp
7.8
CVSS 3.1 · NVD
Temporal: 6.8
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
ENISA EUVD
HIGH
qualitative
CIRCL (temporal)
6.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 19:22 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22569
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:57 nvd
HIGH 7.8

DescriptionCVE.org

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

AnalysisAI

Microsoft Excel memory corruption via use-after-free enables arbitrary code execution when victims open malicious spreadsheet files. This vulnerability affects all major Office deployments including Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, and Office LTSC 2021/2024 for both Windows and macOS, as well as Office Online Server. Attackers require user interaction to open a crafted file, but no authentication is needed (CVSS PR:N), making this exploitable through phishing or file-sharing attacks. Vendor patches are available through Microsoft Security Response Center. No public exploit or active exploitation confirmed at time of analysis, though the straightforward attack vector (local file + user click) and high impact (code execution with full system privileges) warrant prompt patching.

Technical ContextAI

Use-after-free vulnerabilities (CWE-416) occur when software continues to reference memory after it has been deallocated, creating a window where attackers can manipulate freed memory to redirect program execution. In Excel's case, this likely involves document parsing routines that improperly manage object lifecycles when processing specially-crafted spreadsheet elements (formulas, embedded objects, or structured data). The vulnerability spans Microsoft's entire Office ecosystem: perpetual licenses (Excel 2016, Office 2019, Office LTSC 2021/2024), subscription services (Microsoft 365 Apps for Enterprise), cross-platform deployments (Office LTSC for Mac 2021/2024), and server infrastructure (Office Online Server). The CPE enumeration indicates consistent vulnerability across the Office codebase suggesting a shared component or library is affected, possibly in the OOXML parsing layer or OLE object handling routines that are reused across products.

RemediationAI

Apply security updates immediately through Windows Update, Microsoft Update, or Office Update mechanisms depending on deployment model. For Microsoft 365 Apps for Enterprise, Office 2019, Office LTSC 2021, and Office LTSC 2024 on Windows, follow patching guidance at https://aka.ms/OfficeSecurityReleases. For Excel 2016, upgrade to version 16.0.5548.1000 or later. For Office LTSC for Mac 2021 and 2024, update to version 16.108.26041219 or later. For Office Online Server, deploy version 16.0.10417.20113 or newer. Enterprise administrators should prioritize systems handling external Excel documents and deploy updates through existing patch management infrastructure (WSUS, SCCM, Intune). As interim mitigation until patching completes, enforce Protected View for files from Internet and untrusted sources, disable macros by default, and educate users to verify sender identity before opening unsolicited Excel files. Full remediation details available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32189.

Share

EUVD-2026-22569 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy