CVE-2026-40361

HIGH

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVSS v3.1 Score

8.4
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Complexity
LOW
Privileges
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Published: 5/12/2026Modified: 5/13/2026

Related Intelligence (1)

CRITICALVulnerability

Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises

CVE-2026-40361 is similar to a vulnerability found a decade ago, BadWinmail, which at the time was dubbed an “enterprise killer”. The post Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises appeared first on SecurityWeek .

CVE-2026-40361
SecurityWeek

References (1)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40361