{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-40361/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.4,"id":"CVE-2026-40361"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Office Word"],"_cs_severities":["high"],"_cs_tags":["cve-2026-40361","use-after-free","code-execution","office-word","privilege-escalation"],"_cs_type":"advisory","_cs_vendors":["Microsoft"],"content_html":"\u003cp\u003eCVE-2026-40361 is a use-after-free vulnerability affecting Microsoft Office Word. This vulnerability allows an unauthorized attacker to execute code locally on a vulnerable system. The vulnerability resides in how Word handles certain objects in memory. If an object is freed and later accessed again, it can lead to arbitrary code execution. An attacker could potentially exploit this vulnerability by crafting a malicious Word document that, when opened, triggers the use-after-free condition. Successful exploitation could allow the attacker to execute arbitrary code in the context of the current user. This poses a significant risk to organizations as it could lead to data breaches, malware infections, or system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious Microsoft Word document containing a specially crafted object designed to trigger the use-after-free vulnerability (CVE-2026-40361).\u003c/li\u003e\n\u003cli\u003eThe attacker delivers the malicious Word document to the victim via email or other means of file transfer.\u003c/li\u003e\n\u003cli\u003eThe victim opens the malicious Word document using a vulnerable version of Microsoft Office Word.\u003c/li\u003e\n\u003cli\u003eWord attempts to process the crafted object within the document.\u003c/li\u003e\n\u003cli\u003eThe vulnerability is triggered when Word attempts to access a memory location that has already been freed.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the program counter due to the use-after-free condition.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages this control to execute arbitrary code on the victim\u0026rsquo;s machine.\u003c/li\u003e\n\u003cli\u003eThe attacker can then perform malicious actions such as installing malware, stealing sensitive data, or gaining further access to the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-40361 allows an attacker to execute arbitrary code locally on the victim\u0026rsquo;s machine. This could lead to a complete compromise of the affected system, including data theft, malware installation, and lateral movement within the network. Given the widespread use of Microsoft Office Word, this vulnerability poses a significant risk to a large number of users and organizations.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rules provided in this brief to your SIEM to detect potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eApply the security update provided by Microsoft to patch CVE-2026-40361 in Microsoft Office Word as soon as possible. Reference: \u003ca href=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40361\"\u003ehttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40361\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEducate users about the risks of opening unsolicited or suspicious Word documents to mitigate the initial access vector.\u003c/li\u003e\n\u003cli\u003eEnable and monitor process creation logs on endpoints to detect suspicious processes spawned by Microsoft Word.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-12T18:34:49Z","date_published":"2026-05-12T18:34:49Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-40361-word-uaf/","summary":"CVE-2026-40361 is a use-after-free vulnerability in Microsoft Office Word that allows an unauthorized attacker to execute code locally.","title":"CVE-2026-40361: Microsoft Office Word Use-After-Free Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-40361-word-uaf/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-40361","version":"https://jsonfeed.org/version/1.1"}