Skip to main content

Microsoft EUVDEUVD-2026-22583

| CVE-2026-32199 HIGH
Use After Free (CWE-416)
2026-04-14 microsoft
7.8
CVSS 3.1 · NVD
Temporal: 6.8
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
ENISA EUVD
HIGH
qualitative
CIRCL (temporal)
6.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 19:35 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22583
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:58 nvd
HIGH 7.8

DescriptionCVE.org

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

AnalysisAI

Microsoft Excel use-after-free vulnerability (CWE-416) enables arbitrary code execution when a user opens a specially crafted Excel file. Affects Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024 (Windows and Mac), and Office Online Server. CVSS 7.8 (High) requires local access and user interaction but no authentication. No public exploit identified at time of analysis. Microsoft released patches addressing all affected product lines per MSRC update guide.

Technical ContextAI

This vulnerability exploits a use-after-free memory corruption flaw (CWE-416) in Microsoft Excel's file parsing or object handling routines. Use-after-free conditions occur when application code continues to reference memory after it has been deallocated, allowing attackers to manipulate freed memory regions and redirect program execution flow. The vulnerability affects Excel components across multiple Microsoft Office product families including perpetual licenses (Office LTSC 2021/2024, Excel 2016, Office 2019), subscription-based deployments (Microsoft 365 Apps for Enterprise), macOS variants (Office LTSC for Mac 2021/2024), and server-side rendering infrastructure (Office Online Server). CPE strings identify eight distinct product configurations spanning enterprise subscription services, standalone Excel installations, and both Windows and macOS perpetual licensing models. The memory corruption occurs during local file processing, requiring attackers to deliver malicious Excel documents through social engineering, email attachments, or compromised file shares.

RemediationAI

Apply vendor-released patches immediately via Microsoft Update or enterprise deployment tools. Microsoft 365 Apps for Enterprise and Office 2019/LTSC 2024 users should install updates referenced at https://aka.ms/OfficeSecurityReleases following Microsoft's standard monthly update cycle. Excel 2016 standalone installations require update to version 16.0.5548.1000 or later. Office LTSC 2021 (Windows) updates are available through the security release channel. Mac users should update Office LTSC for Mac 2021 and 2024 to version 16.108.26041219 or later via Microsoft AutoUpdate. Office Online Server administrators must deploy version 16.0.10417.20113 or later. Until patches are applied, implement defense-in-depth controls including Protected View for untrusted Office documents, Application Guard for Office to isolate document rendering, email gateway scanning for malicious attachments, and user awareness training to avoid opening Excel files from untrusted sources. Consult the official advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32199 for complete remediation instructions and deployment considerations.

Share

EUVD-2026-22583 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy