CVE-2026-50467 – Microsoft Office Remote Code Execution Vulnerability

CVSS 7.8 IMPORTANT Critical or Zero Day – Immediate Deployment

“A single malicious Office file can quietly become the starting point for a much larger security breach.”

A use-after-free vulnerability in Microsoft Office allows an unauthorized attacker to execute arbitrary code on a local system. Successful exploitation requires a user to open a specially crafted Office document. Microsoft has released security updates for affected Microsoft Office products across Windows and macOS.

CVSS Score: 7.8

SEVERITY: Critical

THREAT:
This vulnerability allows an attacker to execute arbitrary code by persuading a user to open a specially crafted Office document. Malicious files can be delivered through phishing emails, collaboration platforms, or file-sharing services. If successful, the attacker can run code with the privileges of the current user, potentially leading to malware installation, credential theft, data compromise, or further attacks within the environment.

EXPLOITS:
At the time of publication, the vulnerability has not been publicly disclosed and Microsoft has not detected active exploitation. Microsoft assesses exploitation as less likely. The CVSS v3.1 temporal metrics list exploit code maturity as Unproven, and the available information does not confirm the existence of publicly available proof-of-concept exploit code.

TECHNICAL SUMMARY:
The vulnerability is caused by a use-after-free (CWE-416) memory management flaw in Microsoft Office. A specially crafted Office document can trigger memory corruption by referencing memory after it has been released, allowing arbitrary code execution. Although categorized as a Remote Code Execution vulnerability, Microsoft explains that exploitation occurs locally after the victim opens the malicious document.

EXPLOITABILITY:
Affected products include Microsoft 365 Apps for Enterprise (32-bit and 64-bit), Microsoft Office 2016, Microsoft Office 2019, Microsoft Office 365 for Mac, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024, Microsoft Office LTSC for Mac 2021, and Microsoft Office LTSC for Mac 2024. Exploitation requires no attacker privileges but does require user interaction, specifically opening a specially crafted Office document.

BUSINESS IMPACT:
Office documents remain one of the most common delivery methods for phishing and malware campaigns. Successful exploitation could allow attackers to execute malicious code, deploy ransomware, steal sensitive business information, or establish persistence within the environment. Organizations that frequently exchange Office documents with external users face greater exposure.

WORKAROUND:
No mitigations or workarounds are available. Microsoft recommends installing the appropriate security updates for all affected Microsoft Office products.

URGENCY:
This vulnerability should be deployed urgently because it is rated Critical. While user interaction is required, malicious Office documents continue to be a common attack vector. Prompt deployment of the available security updates helps reduce the risk of compromise.

Key Details

Affected Product
Microsoft 365 Apps
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
CWE Classification
CWE-416
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.