CVE-2026-32190PATCHED

microsoft · office

Microsoft Office Remote Code Execution Vulnerability

Description

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Affected Products

Vendor	Product	Versions
microsoft	office	16.0.1, 16.0.0, 19.0.0, 16.0.1, 16.0.0, 16.0.1, 16.0.0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
microsoft	sharepoint	cert_advisory	90%
microsoft	microsoft 365 apps	cert_advisory	90%
microsoft	office	cert_advisory	90%
microsoft	microsoft sharepoint	cert_advisory	90%
microsoft	powerpoint	cert_advisory	90%

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32190(vendor-advisory, patch)

Related News (5 articles)

Tier D

SecurityWeek4h ago

Chinese Cybersecurity Firm’s AI Hacking Claims Draw Comparisons to Claude Mythos

→ No new info (linked only)

Tier B

BSI Advisories8d ago

[NEU] [mittel] Microsoft Office: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

Qualys Blog8d ago

Microsoft and Adobe Patch Tuesday, April 2026 Security Update Review

→ No new info (linked only)

Tier C

VulDB8d ago

CVE-2026-32190 | Microsoft Office 2016/2019/LTSC/LTSC 2021/LTSC 2024 use after free

→ No new info (linked only)

Tier A

Microsoft MSRC9d ago

CVE-2026-32190 Microsoft Office Remote Code Execution Vulnerability

→ No new info (linked only)

CVSS 3.18.4 HIGH

VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CISA KEV❌ No

Actively exploited❌ No

Patch available

https://aka.ms/OfficeSecurityReleases16.0.5548.100016.108.26041219

CWECWE-416

PublishedApr 14, 2026

Last enriched8d agov2

Trending Score54

Source articles5

Independent5

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-33825EXPKEV

Microsoft Defender Elevation of Privilege Vulnerability

Trending: 153

MEDIUMCVE-2026-32201EXPKEV

Microsoft SharePoint Server Spoofing Vulnerability

Trending: 132

HIGHCVE-2026-26127EXPKEV

.NET Denial of Service Vulnerability

Trending: 103

HIGHCVE-2026-40372EXP

ASP.NET Core Elevation of Privilege Vulnerability

Trending: 90

HIGHCVE-2026-26130

ASP.NET Core Denial of Service Vulnerability

Trending: 38

Pin to Dashboard

Verification

State: verified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 14, 2026

Discovered by ZDM

Apr 14, 2026

Updated: affectedVersions

Apr 14, 2026

Patch Available

Apr 22, 2026

Version History

Last enriched 8d ago

v2Tier C8d ago

Updated severity to CRITICAL, added new affected versions, and marked the vulnerability as actively exploited.

affectedVersions

via VulDB

v18d ago

Initial creation