DNA View

High Severity Vulnerability

This vulnerability has been rated as High severity. Immediate action is recommended.

CVE-2026-33095

High

Low Medium High Critical

7.8

CVSS Score

Published: Apr 14, 2026

Last Modified: Apr 29, 2026

CWE: CWE-416

Vulnerability Description

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Known Affected Software

3 configuration(s) from 1 vendor(s)

office_long_term_servicing_channel

Version:

2024

CPE:

cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*

office_long_term_servicing_channel

Version:

2021

CPE:

cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*

365_apps

Version:

CPE:

cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*

This vulnerability affects 3 software configuration(s). Ensure you patch all affected systems.

References & Resources

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33095
secure@microsoft.com Vendor Advisory

Severity Details

7.8

out of 10.0

High

Weakness Type (CWE)

CWE-416 Top 25 #12

Use After Free

Description: The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations…
Exploit Likelihood: High
Typical Severity: High
Abstraction Level: Variant