Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to vulnerabilities
High

Microsoft Word Untrusted Pointer Dereference Remote Code Execution Vulnerability

IdentifiersCVE-2026-33114CWE-822· Untrusted Pointer Dereference

CVE-2026-33114 is a Critical remote code execution vulnerability in Microsoft Office Word caused by an untrusted pointer dereference. The available reporting describes the flaw as affecting Microsoft Word and indicates that exploitation can occur via the Preview Pane attack surface. Supporting sources also state that exploitation results in local code execution, with code from the local machine needing to be executed as part of the exploit chain. No vulnerable function or deeper implementation detail is provided in the supplied content.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can lead to arbitrary code execution in the context of the affected Word process on the local system. Because the flaw is in Microsoft Word and is described as exploitable through the Preview Pane vector, opening or previewing a malicious document could enable attacker-controlled code execution, subject to the stated local execution requirement.

Mitigation

If you can’t patch tonight, do this now.

Until patching is completed, reduce exposure by disabling or avoiding the Preview Pane for untrusted documents, blocking or filtering untrusted Office/Word files from email and web downloads, and preventing execution of untrusted local code on endpoints. Use Microsoft Office Protected View, application control, and least-privilege controls where feasible. The supplied content does not list an official vendor workaround beyond patching.

Remediation

Patch, then assume compromise.

Apply Microsoft's April 2026 security updates for Microsoft Office Word / Microsoft 365 that address CVE-2026-33114. The provided content does not include KB numbers or version-specific fixed builds, so the exact patched versions are not available from the supplied material.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
Microsoft Corporation365 Appsapplication
Microsoft CorporationOffice 2021application
Microsoft CorporationOffice 2024application
Microsoft CorporationOffice Long Term Servicing Channelapplication
Microsoft CorporationOffice Macos 2021application
Microsoft CorporationOffice Macos 2024application
Microsoft CorporationWordapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

7 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

7 SOURCESView more in app
sophos threat researchNews
Apr 17, 2026
Microsoft addresses 163 CVEs, 88 advisories for April Patch Tuesday | SOPHOS

A critical Microsoft Word remote code execution vulnerability affecting Office and Microsoft 365, with the Preview Pane identified as an attack vector.

Read more
cyberthroneNews
Apr 15, 2026
Microsoft Patch Tuesday - April 2026 - TheCyberThrone

A critical Microsoft Word remote code execution vulnerability caused by a pointer dereference issue.

Read more
talos intelligence blogNews
Apr 14, 2026
Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities

A critical untrusted pointer dereference vulnerability in Microsoft Office Word that could allow local code execution.

Read more
dark readingNews
Apr 14, 2026
Privilege Elevation Dominates Massive Microsoft Patch Update

A critical remote code execution vulnerability in Microsoft Word.

Read more
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity3

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2026-33114
NVD
nvd.nist.gov/vuln/detail/CVE-2026-33114
MITRE CWE · CWE-822
Untrusted Pointer Dereference
Vendor Advisory
msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33114