Apr 2026: Microsoft Word Remote Code Execution Vulnerability
CVE-2026-23657 Published on April 14, 2026

Microsoft Word Remote Code Execution Vulnerability
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Vendor Advisory NVD

Weakness Type

What is a Dangling pointer Vulnerability?

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE-2026-23657 has been classified to as a Dangling pointer vulnerability or weakness.

Products Associated with CVE-2026-23657

stack.watch emails you whenever new vulnerabilities are published in Microsoft 365 Apps or Microsoft Office 2024. Just hit a watch button to start following.

Microsoft 365 Apps

Microsoft Office 2024

Affected Versions

Microsoft 365 Apps for Enterprise:

Version 16.0.1 and below https://aka.ms/OfficeSecurityReleases is affected.

Microsoft Office LTSC 2024:

Version 16.0.0 and below https://aka.ms/OfficeSecurityReleases is affected.

Apr 2026: Microsoft Word Remote Code Execution VulnerabilityCVE-2026-23657 Published on April 14, 2026

Weakness Type

What is a Dangling pointer Vulnerability?

Products Associated with CVE-2026-23657

Affected Versions

Apr 2026: Microsoft Word Remote Code Execution Vulnerability
CVE-2026-23657 Published on April 14, 2026