Microsoft Office: Unauth attacker can execute code locally

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.4

Microsoft Office: Unauth attacker can execute code locally

CVE-2026-32190

Summary

A vulnerability in Microsoft Office can allow an attacker to run malicious code on your computer if they can send you a specially crafted file. If you open this file, the attacker can take control of your system. Update your Microsoft Office software to the latest version to fix this issue.

Original title

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Original description

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

nvd CVSS3.1 8.4

Vulnerability type

CWE-416 Use After Free

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32190

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026