{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23657", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2026-01-14T16:59:33.463Z", "datePublished": "2026-04-14T16:57:52.448Z", "dateUpdated": "2026-05-12T17:38:48.496Z"}, "containers": {"cna": {"title": "Microsoft Word Remote Code Execution Vulnerability", "datePublic": "2026-04-14T14:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "16.0.1", "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft 365 Apps for Enterprise", "platforms": ["32-bit Systems", "x64-based Systems"], "versions": [{"version": "16.0.1", "lessThan": "https://aka.ms/OfficeSecurityReleases", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Office LTSC 2024", "platforms": ["32-bit Systems", "x64-based Systems"], "versions": [{"version": "16.0.0", "lessThan": "https://aka.ms/OfficeSecurityReleases", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-416: Use After Free", "lang": "en-US", "type": "CWE", "cweId": "CWE-416"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-12T17:38:48.496Z"}, "references": [{"name": "Microsoft Word Remote Code Execution Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23657"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-23657", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-15T03:56:53.059731Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T09:13:16.619Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-23657", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-15T03:56:53.059731Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T09:08:56.554Z"}}], "cna": {"title": "Microsoft Word Remote Code Execution Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft 365 Apps for Enterprise", "versions": [{"status": "affected", "version": "16.0.1", "lessThan": "https://aka.ms/OfficeSecurityReleases", "versionType": "custom"}], "platforms": ["32-bit Systems", "x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft Office LTSC 2024", "versions": [{"status": "affected", "version": "16.0.0", "lessThan": "https://aka.ms/OfficeSecurityReleases", "versionType": "custom"}], "platforms": ["32-bit Systems", "x64-based Systems"]}], "datePublic": "2026-04-14T14:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23657", "name": "Microsoft Word Remote Code Execution Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416: Use After Free"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases", "versionStartIncluding": "16.0.1"}, {"criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", "vulnerable": true, "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases", "versionStartIncluding": "16.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-12T17:38:48.496Z"}}}, "cveMetadata": {"cveId": "CVE-2026-23657", "state": "PUBLISHED", "dateUpdated": "2026-05-12T17:38:48.496Z", "dateReserved": "2026-01-14T16:59:33.463Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-04-14T16:57:52.448Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*", "matchCriteriaId": "3259EBFE-AE2D-48B8-BE9A-E22BBDB31378", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*", "matchCriteriaId": "CD25F492-9272-4836-832C-8439EBE64CCF", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*", "matchCriteriaId": "D31E509A-0B2E-4B41-88C4-0099E800AFE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*", "matchCriteriaId": "017A7041-BEF1-4E4E-AC8A-EFC6AFEB01FE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally."}], "id": "CVE-2026-23657", "lastModified": "2026-04-29T19:11:56.700", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-04-14T18:16:44.327", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23657"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["32-bit_systems", "x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[16.0.1,https://aka.ms/OfficeSecurityReleases)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Microsoft 365 Apps for Enterprise", "source": "cna", "vendor": "Microsoft"}, "product": "microsoft_365_apps_for_enterprise", "vendor": "microsoft"}, {"configurations": [{"platform": ["32-bit_systems", "x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[16.0.0,https://aka.ms/OfficeSecurityReleases)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Microsoft Office LTSC 2024", "source": "cna", "vendor": "Microsoft"}, "product": "office_2024", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-04-14T19:16:13.430040+00:00", "value": {"mitigation_remediation": ["Apply the latest Office update from Microsoft\u2019s update guide.", "If the update has not yet been released, refrain from opening unknown or untrusted Word documents until a patch is available.", "Use email filtering rules or sandboxing to block or quarantine malicious DOCX files.", "Monitor for anomalous Office process activity with endpoint protection solutions."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Microsoft 365 Apps for Enterprise and Microsoft Office LTSC 2024 are affected. All current releases within these product families are at risk, as no specific sub\u2011versions are listed. Users of these Office deployments should consider themselves potentially exposed.", "description_and_impact": "A use\u2011after\u2011free flaw in Microsoft Office Word allows an attacker to trigger execution of arbitrary code with the privileges of the user who opens a malicious document. The vulnerability causes the software to access freed memory again, enabling the attacker to influence Word\u2019s processing and run code. This can compromise the confidentiality, integrity, and availability of the victim\u2019s data and system. The weakness is classified under CWE\u2011416.", "risk_and_exploitability": "The CVSS base score of 7.8 denotes high severity. EPSS score is not published and the vulnerability is not in the CISA KEV catalog, but the lack of these metrics does not reduce the practical risk. Based on the description, it is inferred that the attacker must supply a specially crafted Word document, which an end\u2011user opens, making the attack vector likely local or remote via email or file transfer. If exploited, the attacker obtains full control within the user\u2019s session, allowing further lateral movement or persistence."}}}}, "created": "2026-04-15T14:54:10.487954+00:00", "updated": "2026-04-15T15:00:06.168983+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$microsoft_365_apps_for_enterprise", "microsoft$PRODUCT$office_2024"]}