CVE-2026-33095 — Use After Free in Microsoft 365 Apps FOR Enterprise

Severity

7.8HIGHNVD

EPSS

0.1%

top 81.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedApr 14

Description

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

▶CVEListV5microsoft/microsoft_office_ltsc_202116.0.1 — https://aka.ms/OfficeSecurityReleases

▶CVEListV5microsoft/microsoft_office_ltsc_202416.0.0 — https://aka.ms/OfficeSecurityReleases

▶CVEListV5microsoft/microsoft_365_apps_for_enterprise16.0.1 — https://aka.ms/OfficeSecurityReleases

VulDB

Microsoft Office LTSC/LTSC 2021/LTSC 2024 Word use after free↗2026-04-14

▶

GHSA

GHSA-2cgh-c2fq-mxqp: Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally↗2026-04-14

▶

CVEList

Microsoft Word Remote Code Execution Vulnerability↗2026-04-14

▶