High severity7.8NVD Advisory· Published Apr 14, 2026· Updated Apr 29, 2026
CVE-2026-23657
CVE-2026-23657
Description
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Affected products
5cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*+ 1 more
- cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*
- cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*
Patches
Vulnerability mechanics
References
1- msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23657nvdVendor Advisory
News mentions
1- Patch Tuesday - April 2026Rapid7 Blog · Apr 14, 2026