Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to vulnerabilities
High

Microsoft Word Use-After-Free Remote Code Execution Vulnerability

IdentifiersCVE-2026-33115CWE-416· Use After Free

CVE-2026-33115 is a Critical use-after-free vulnerability in Microsoft Office Word. The provided content states that the flaw affects Word and that the Preview Pane is an attack vector. Multiple supporting references describe it as a Microsoft Word remote code execution vulnerability and specifically classify the weakness as a use-after-free. Successful exploitation results in code execution on the affected system when malicious Word content is processed, including through preview-related handling.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can allow arbitrary code execution in the security context of the local user on the affected system. As reflected in the provided advisory content, this can have high impact on confidentiality, integrity, and availability, enabling an attacker to run attacker-controlled code, access or modify data available to that user, install additional payloads, or use the compromised host as a foothold for further activity.

Mitigation

If you can’t patch tonight, do this now.

No specific vendor workaround is provided in the supplied content beyond applying the official fix. Based on the provided advisory context that the Preview Pane is an attack vector, organizations should reduce exposure to untrusted Word documents until patching is complete, including avoiding previewing untrusted files in Explorer/Outlook workflows where applicable and following Microsoft's guidance for handling malicious document exposure.

Remediation

Patch, then assume compromise.

Apply Microsoft's official security update for the affected Microsoft Office Word products. The provided content indicates that Microsoft has released a vendor fix for this vulnerability. Standard remediation is to deploy the April 2026 Microsoft security updates across affected Office/Word installations and verify patch coverage on systems that process Word documents, including endpoints where Preview Pane usage is common.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
Microsoft Corporation365 Appsapplication
Microsoft CorporationOffice 2021application
Microsoft CorporationOffice 2024application
Microsoft CorporationOffice Long Term Servicing Channelapplication
Microsoft CorporationOffice Macos 2021application
Microsoft CorporationOffice Macos 2024application
Microsoft CorporationOffice Wordapplication
Microsoft CorporationWordapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

7 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

7 SOURCESView more in app
sophos threat researchNews
Apr 17, 2026
Microsoft addresses 163 CVEs, 88 advisories for April Patch Tuesday | SOPHOS

A critical Microsoft Word remote code execution vulnerability affecting Office and Microsoft 365, with the Preview Pane identified as an attack vector.

Read more
cyberthroneNews
Apr 15, 2026
Microsoft Patch Tuesday - April 2026 - TheCyberThrone

A critical Microsoft Word remote code execution vulnerability caused by a use-after-free flaw.

Read more
talos intelligence blogNews
Apr 14, 2026
Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities

A critical use-after-free vulnerability in Microsoft Office Word that can result in local code execution.

Read more
dark readingNews
Apr 14, 2026
Privilege Elevation Dominates Massive Microsoft Patch Update

A critical remote code execution vulnerability in Microsoft Word.

Read more
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity3

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2026-33115
NVD
nvd.nist.gov/vuln/detail/CVE-2026-33115
MITRE CWE · CWE-416
Use After Free
Vendor Advisory
msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33115