CVE-2026-40358

Microsoft · Office

A use-after-free vulnerability in Microsoft Office allows an unauthorized local attacker to execute arbitrary code.

Executive summary

A critical use-after-free vulnerability in Microsoft Office could allow an unauthorized local attacker to execute arbitrary code on the host system.

Vulnerability

This vulnerability is a use-after-free (CWE-416) flaw in Microsoft Office. The CVSS vector (AV:L/AC:L/PR:N/UI:N) confirms that an unauthenticated local attacker can trigger this condition, leading to memory corruption and potential code execution.

Business impact

The ability to execute arbitrary code via a use-after-free vulnerability presents a severe risk to organizational security, potentially resulting in full system compromise. With a CVSS score of 8.4, the vulnerability is highly dangerous, as it allows attackers to bypass standard security controls and gain unauthorized access to sensitive information.

Remediation

Immediate Action: Update all affected Microsoft Office instances to the latest patched versions as outlined in the Microsoft Security Update Guide (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40358).

Proactive Monitoring: Review system and application logs for unusual crashes or instability in Office applications, which may indicate exploitation attempts.

Compensating Controls: Utilize EDR tools to monitor for suspicious child processes initiated by Office applications, which is a common indicator of exploitation.

Exploitation status

Public Exploit Available: No (exploit_available: false).

Analyst recommendation

The risk of arbitrary code execution makes this vulnerability a priority for remediation. Administrators should verify that all clients receive the necessary security patches promptly to prevent potential exploitation.