Microsoft has disclosed multiple Microsoft Word remote code execution flaws in its Security Update Guide, including CVE-2026-40366, CVE-2026-40361, and the earlier-listed CVE-2026-33115. The advisories identify all three issues as Word RCE vulnerabilities, indicating that specially crafted Word documents or related content could allow arbitrary code execution in affected environments.
The newly published entries for CVE-2026-40366 and CVE-2026-40361 expand a growing set of Word security issues alongside CVE-2026-33115, underscoring continued risk around document-based attack paths in Microsoft Office. Organizations using Microsoft Word should review the corresponding Security Update Guide entries, prioritize patch deployment, and reinforce controls for untrusted document handling while assessing exposure across user endpoints.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
3 events from the most recent confirmed update back to the earliest known activity.
Microsoft published a Security Update Guide entry for CVE-2026-40359, described as a Microsoft Excel Remote Code Execution Vulnerability. The reference indicates the advisory was published on 2026-05-12.
Microsoft published Security Update Guide entries for CVE-2026-40361 and CVE-2026-40366, both described as Microsoft Word Remote Code Execution Vulnerabilities. Both references show a publication date of 2026-05-12.
Microsoft added CVE-2026-33115 to its Security Update Guide as a Microsoft Word Remote Code Execution Vulnerability. The reference indicates the advisory was published on 2026-04-14.
6 references tracked. Mallory keeps watching after this page renders.
msrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.