Microsoft published security advisories for several Microsoft Word Remote Code Execution flaws, including CVE-2026-40364, CVE-2026-40367, and the earlier CVE-2026-33114, indicating multiple distinct code-execution issues affecting Word. The entries were released through the Microsoft Security Response Center's Security Update Guide and identify the vulnerabilities as capable of enabling remote code execution in the Office application.
The disclosures point to an ongoing stream of Word security fixes rather than a single isolated bug, underscoring continued risk around malicious document handling in enterprise environments. Organizations that rely on Microsoft Office should review the affected product listings and associated updates for each CVE in the Security Update Guide and prioritize patch deployment for systems where Word is installed or used to open untrusted files.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
3 events from the most recent confirmed update back to the earliest known activity.
Microsoft published CVE-2026-40367 in its Security Update Guide as a Microsoft Word remote code execution vulnerability. The reference is dated 2026-05-12.
Microsoft published CVE-2026-40364 in its Security Update Guide as a Microsoft Word remote code execution vulnerability. The reference is dated 2026-05-12.
Microsoft added CVE-2026-33114, a Microsoft Word remote code execution vulnerability, to its Security Update Guide. The reference indicates the advisory was published on 2026-04-14.
4 references tracked. Mallory keeps watching after this page renders.
msrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.