CVE-2026-40361 – Microsoft Word Remote Code Execution Vulnerability
“A Word preview can become a quiet launch point for attacker-controlled code.”
A critical remote code execution vulnerability exists in Microsoft Word due to a use-after-free flaw. An unauthorized attacker could exploit the issue to execute code locally when malicious Word content is processed. The Preview Pane is confirmed as an attack vector, and exploitation is assessed as More Likely.
CVSS Score: 8.4
SEVERITY: Critical
THREAT:
This vulnerability could allow attackers to execute arbitrary code through malicious Word content. Successful exploitation may lead to endpoint compromise, malware execution, sensitive data theft, and broader access inside the organization.
EXPLOITS:
At the time of publication, Microsoft reports that the vulnerability was not publicly disclosed and was not exploited. Exploit Code Maturity is listed as Unproven, but exploitation is assessed as More Likely.
TECHNICAL SUMMARY:
CVE-2026-40361 is caused by a use-after-free condition in Microsoft Office Word. The flaw occurs when Word improperly handles memory after it has been freed, which can allow specially crafted content to trigger code execution on the local system. Although the title says remote code execution, the CVSS attack vector is Local because the malicious content must be processed locally. The Preview Pane is an attack vector, which increases risk during routine document preview activity.
EXPLOITABILITY:
The affected software is Microsoft Office Word. Exploitation requires malicious Word content to be processed locally, including through the Preview Pane. According to the CVSS metrics, no privileges and no user interaction are required.
BUSINESS IMPACT:
A successful exploit could compromise employee workstations, expose confidential documents, enable credential theft, and provide attackers with an entry point into the enterprise. Word files are commonly shared through email and collaboration tools, making this vulnerability highly relevant to phishing-based attacks.
WORKAROUND:
No mitigations or workarounds are listed. Apply the official Microsoft security update.
URGENCY:
This vulnerability should be prioritized because it is Critical, the Preview Pane is an attack vector, and exploitation is assessed as More Likely. Document-based attacks can move quickly through normal business workflows and may require very little user involvement.
Key Details
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- CWE Classification: CWE-416