Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
AnalysisAI
Microsoft Excel use-after-free vulnerability (CWE-416) enables arbitrary code execution when a user opens a specially crafted Excel file. Affects Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024 (Windows and Mac), and Office Online Server. CVSS 7.8 (High) requires local access and user interaction but no authentication. No public exploit identified at time of analysis. Microsoft released patches addressing all affected product lines per MSRC update guide.
Technical ContextAI
This vulnerability exploits a use-after-free memory corruption flaw (CWE-416) in Microsoft Excel's file parsing or object handling routines. Use-after-free conditions occur when application code continues to reference memory after it has been deallocated, allowing attackers to manipulate freed memory regions and redirect program execution flow. The vulnerability affects Excel components across multiple Microsoft Office product families including perpetual licenses (Office LTSC 2021/2024, Excel 2016, Office 2019), subscription-based deployments (Microsoft 365 Apps for Enterprise), macOS variants (Office LTSC for Mac 2021/2024), and server-side rendering infrastructure (Office Online Server). CPE strings identify eight distinct product configurations spanning enterprise subscription services, standalone Excel installations, and both Windows and macOS perpetual licensing models. The memory corruption occurs during local file processing, requiring attackers to deliver malicious Excel documents through social engineering, email attachments, or compromised file shares.
RemediationAI
Apply vendor-released patches immediately via Microsoft Update or enterprise deployment tools. Microsoft 365 Apps for Enterprise and Office 2019/LTSC 2024 users should install updates referenced at https://aka.ms/OfficeSecurityReleases following Microsoft's standard monthly update cycle. Excel 2016 standalone installations require update to version 16.0.5548.1000 or later. Office LTSC 2021 (Windows) updates are available through the security release channel. Mac users should update Office LTSC for Mac 2021 and 2024 to version 16.108.26041219 or later via Microsoft AutoUpdate. Office Online Server administrators must deploy version 16.0.10417.20113 or later. Until patches are applied, implement defense-in-depth controls including Protected View for untrusted Office documents, Application Guard for Office to isolate document rendering, email gateway scanning for malicious attachments, and user awareness training to avoid opening Excel files from untrusted sources. Consult the official advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32199 for complete remediation instructions and deployment considerations.
Same weakness CWE-416 – Use After Free
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22583