CVE-2026-23657Use After Free in Microsoft 365 Apps FOR Enterprise

CWE-416Use After Free4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 76.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft 365 Apps FOR EnterpriseMicrosoft Office Ltsc 2024
Timeline
PublishedApr 14
Latest updateApr 15

Description

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5microsoft/microsoft_office_ltsc_202416.0.0https://aka.ms/OfficeSecurityReleases
CVEListV5microsoft/microsoft_365_apps_for_enterprise16.0.1https://aka.ms/OfficeSecurityReleases

🔴Vulnerability Details

3
VulDB
Microsoft Office LTSC 2024 Word use after free (Nessus ID 306451)2026-04-15
GHSA
GHSA-4wh4-v696-2r7r: Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally2026-04-14
CVEList
Microsoft Word Remote Code Execution Vulnerability2026-04-14