High severity8.4NVD Advisory· Published May 12, 2026· Updated May 13, 2026
CVE-2026-40361
CVE-2026-40361
Description
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
12- Week in review: Cisco patches SD-WAN 0-day, unpatched Microsoft Exchange Server flaw exploitedHelp Net Security · May 17, 2026
- May 2026 Patch Tuesday: no zero-days but plenty to fixMalwarebytes Labs · May 13, 2026
- Microsoft’s agentic security system found four critical Windows RCE flawsHelp Net Security · May 13, 2026
- Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE FlawsThe Hacker News · May 13, 2026
- Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening EnterprisesSecurityWeek · May 13, 2026
- It's Patch Tuesday for Microsoft & Not a Zero-Day In SightDark Reading · May 12, 2026
- Microsoft Patch Tuesday for May 2026 — Snort rules and prominent vulnerabilitiesCisco Talos Intelligence · May 12, 2026
- Microsoft May 2026 Patch Tuesday: Many fixes, but no zero-daysHelp Net Security · May 12, 2026
- Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-daysBleepingComputer · May 12, 2026
- Microsoft Patches 137 VulnerabilitiesSecurityWeek · May 12, 2026
- Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103)Tenable Blog · May 12, 2026
- May 2026 Patch Tuesday: 30 Critical Vulnerabilities Among 130 CVEsCrowdStrike Blog