CVE-2026-32198
published 2026-04-14CVE-2026-32198: Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | excel | — | — |
| microsoft | microsoft_365_apps_for_enterprise | >= 16.0.1 < https://aka.ms/OfficeSecurityReleases | https://aka.ms/OfficeSecurityReleases |
| microsoft | microsoft_excel_2016 | >= 16.0.0.0 < 16.0.5548.1000 | 16.0.5548.1000 |
| microsoft | microsoft_office_2019 | >= 19.0.0 < https://aka.ms/OfficeSecurityReleases | https://aka.ms/OfficeSecurityReleases |
| microsoft | microsoft_office_ltsc_2021 | >= 16.0.1 < https://aka.ms/OfficeSecurityReleases | https://aka.ms/OfficeSecurityReleases |
| microsoft | microsoft_office_ltsc_2024 | >= 16.0.0 < https://aka.ms/OfficeSecurityReleases | https://aka.ms/OfficeSecurityReleases |
| microsoft | microsoft_office_ltsc_for_mac_2021 | >= 16.0.1 < 16.108.26041219 | 16.108.26041219 |
| microsoft | microsoft_office_ltsc_for_mac_2024 | >= 16.0.0 < 16.108.26041219 | 16.108.26041219 |
| microsoft | office | — | — |
| microsoft | office_long_term_servicing_channel | — | — |
| microsoft | office_long_term_servicing_channel | — | — |
| microsoft | office_online_server | < 16.0.10417.20113 | 16.0.10417.20113 |
| microsoft | office_online_server | >= 16.0.0.0 < 16.0.10417.20113 | 16.0.10417.20113 |