CVE-2026-23657
Published: 14 April 2026
Summary
CVE-2026-23657 is a high-severity Use After Free (CWE-416) vulnerability. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks at the 21.2nd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-23657 is a use-after-free vulnerability (CWE-416) affecting Microsoft Office Word. Published on 2026-04-14, it enables an unauthorized attacker to execute code locally, earning a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
The CVSS vector (AV:L, PR:N, UI:R) describes an attacker who needs no prior privileges or authentication but does need the victim to act locally, typically by opening a crafted Word document delivered by email or download. Attack complexity is low. A successful exploit runs arbitrary code inside the Word process as the user who opened the document, with high impact on confidentiality, integrity, and availability; scope is unchanged, so the initial compromise stays within that user's security context.
Microsoft's Security Response Center provides mitigation guidance in its update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23657.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-22361
Vulnerability details
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Exploitation requires the victim to open a crafted document (T1204.002, User Execution: Malicious File); the use-after-free then gives the attacker code execution inside the Word process (T1203, Exploitation for Client Execution).
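The technique mapping above suggests a detection: after a document exploit, the payload almost always has winword.exe start a process it would never start on its own. The following PowerShell is an added example, not part of this advisory or of any Microsoft tooling; it assumes Sysmon Event ID 1 field names (Image, ParentImage, CommandLine), and the sample events it runs over are constructed, not real telemetry. The allow-list of expected children and the list of suspicious children are assumptions to tune per environment.

```powershell
# Added example (not from the advisory): flag post-exploitation behaviour that
# follows a Word document exploit (T1203 via T1204.002) - winword.exe spawning
# a child process it normally never starts. Field names follow Sysmon Event ID 1
# (Image, ParentImage, CommandLine); the sample events below are constructed.

function ConvertFrom-SysmonEvent {
    # Turn a Get-WinEvent record into a flat object keyed by its EventData names.
    param([Parameter(Mandatory)][System.Diagnostics.Eventing.Reader.EventRecord]$Record)
    $fields = @{}
    foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) { $fields[$d.Name] = $d.'#text' }
    [pscustomobject]$fields
}

function Find-OfficeChildProcess {
    param(
        [Parameter(Mandatory, ValueFromPipeline)][object]$Event,
        # Office hosts covered by this advisory's technique mapping.
        [string[]]$OfficeParents = @('winword.exe'),
        # Children winword.exe is known to start legitimately (printing, crash reporting);
        # assumed allow-list, extend after baselining your own fleet.
        [string[]]$ExpectedChildren = @('splwow64.exe', 'dw20.exe'),
        # Living-off-the-land binaries that an exploit payload commonly launches.
        [string[]]$SuspiciousChildren = @('cmd.exe', 'powershell.exe', 'pwsh.exe', 'wscript.exe',
            'cscript.exe', 'mshta.exe', 'rundll32.exe', 'regsvr32.exe', 'certutil.exe', 'msiexec.exe')
    )
    process {
        $parent = [System.IO.Path]::GetFileName([string]($Event.ParentImage)).ToLowerInvariant()
        $child  = [System.IO.Path]::GetFileName([string]($Event.Image)).ToLowerInvariant()
        if (($OfficeParents -notcontains $parent) -or ($ExpectedChildren -contains $child)) { return }
        # Any other child of Word deserves a look; a known LOLBin is a high-confidence hit.
        $severity = 'Medium'
        if ($SuspiciousChildren -contains $child) { $severity = 'High' }
        [pscustomobject]@{
            Severity    = $severity
            Parent      = $parent
            Child       = $child
            CommandLine = $Event.CommandLine
            Technique   = 'T1203 / T1204.002'
        }
    }
}

# Constructed sample events: a benign print job, an exploit-like chain, and an
# unrelated shell started from Explorer. Only the second one should be reported.
$sample = @(
    [pscustomobject]@{ ParentImage = 'C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE'
                       Image = 'C:\Windows\splwow64.exe'; CommandLine = 'C:\Windows\splwow64.exe 12288' },
    [pscustomobject]@{ ParentImage = 'C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE'
                       Image = 'C:\Windows\System32\cmd.exe'
                       CommandLine = 'cmd.exe /c powershell.exe -NoProfile -WindowStyle Hidden -File C:\Users\Public\stage.ps1' },
    [pscustomobject]@{ ParentImage = 'C:\Windows\explorer.exe'
                       Image = 'C:\Windows\System32\cmd.exe'; CommandLine = 'cmd.exe' }
)
$sample | Find-OfficeChildProcess | Format-Table -AutoSize

# Against live telemetry (Sysmon installed, run elevated):
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1 } -MaxEvents 5000 |
#     ForEach-Object { ConvertFrom-SysmonEvent $_ } | Find-OfficeChildProcess
```

Parent/child process logic is deliberately kept independent of the CVE: it catches this use-after-free and any other Word client-execution exploit whose payload has to leave the Word process. Security event 4688 with command-line auditing enabled carries the same information (NewProcessName, CreatorProcessName) if Sysmon is not deployed.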
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires identification, reporting, and timely remediation of the use-after-free flaw in Microsoft Office Word via vendor patches.
- SI-16 (Memory Protection): implements memory protection mechanisms (DEP, ASLR, control-flow integrity) that make a use-after-free harder to turn into code execution by enforcing controls on memory access and blocking execution of attacker-controlled data.
- SI-3 (Malicious Code Protection): deploys malicious code protection tools to scan and block malicious Word documents, or to stop the post-exploitation steps that follow UAF exploitation, such as Word starting a child process.
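The three controls above map to concrete host settings on Windows. The PowerShell below is an added example, not Microsoft's guidance and not part of this advisory: it reports the installed Office build for comparison with the fixed build in the MSRC update guide (SI-2), applies per-process exploit protection to winword.exe (SI-16), and enables Defender attack surface reduction rules for Office (SI-3). It assumes a Click-to-Run or MSI install of Office on Windows 10/11 with the ProcessMitigations and Defender modules present; the ASR rule GUIDs are taken from Microsoft's ASR rules reference and should be checked against it before deployment. Run elevated, and pilot in audit mode first, since mitigation flags can break add-ins and ASR rules can block legitimate workflows.

```powershell
# Added example (not from the advisory or Microsoft): apply the listed controls to
# winword.exe on one host. Run elevated; pilot before fleet-wide rollout.

# SI-2 (Flaw Remediation): report the installed Office build so it can be compared
# with the fixed build listed in the MSRC update guide for CVE-2026-23657. The page
# does not state the fixed build, so this function only reports, it does not judge.
function Get-OfficeBuild {
    $c2r = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'
    if (Test-Path $c2r) {
        # Click-to-Run installs expose the reported build in the registry.
        return [pscustomobject]@{ Install = 'Click-to-Run'; Build = (Get-ItemProperty -Path $c2r).VersionToReport }
    }
    # MSI installs: locate winword.exe through App Paths and read its file version.
    $appPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Winword.exe'
    $exe = (Get-ItemProperty -Path $appPath -ErrorAction SilentlyContinue).'(default)'
    $build = $null
    if ($exe -and (Test-Path $exe)) { $build = (Get-Item $exe).VersionInfo.ProductVersion }
    [pscustomobject]@{ Install = 'MSI/other'; Build = $build }
}

# SI-16 (Memory Protection): per-process exploit-protection settings for Word.
# DEP, mandatory ASLR (ForceRelocateImages), bottom-up/high-entropy randomisation
# and CFG raise the cost of turning a use-after-free into code execution.
# AuditDynamicCode logs what BlockDynamicCode would break; switch to
# BlockDynamicCode only after the audit log is clean for your add-ins.
function Set-WordMemoryProtection {
    Set-ProcessMitigation -Name winword.exe -Enable DEP, ForceRelocateImages, BottomUp, HighEntropy, CFG, AuditDynamicCode
    # Return the effective settings so the change can be verified.
    Get-ProcessMitigation -Name winword.exe
}

# SI-3 (Malicious Code Protection): Defender attack surface reduction rules that
# block the usual post-exploitation step of an Office exploit - the Office process
# creating child processes, executable content, or injecting into other processes.
function Set-OfficeAsrRules {
    param([ValidateSet('AuditMode', 'Enabled')][string]$Action = 'AuditMode')
    # GUIDs per Microsoft's ASR rules reference; verify against current documentation.
    $rules = @{
        'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
        '3B576869-A4EC-4529-8536-B80A7769E899' = 'Block Office applications from creating executable content'
        '75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84' = 'Block Office applications from injecting code into other processes'
    }
    foreach ($id in $rules.Keys) {
        Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions $Action
        '{0,-9} {1}' -f $Action, $rules[$id]
    }
}

Get-OfficeBuild
Set-WordMemoryProtection
Set-OfficeAsrRules -Action AuditMode
```

Order matters operationally: the build report tells you whether SI-2 is already satisfied on the host, while the SI-16 and SI-3 settings reduce exposure on hosts that cannot be patched immediately. Check the Defender Operational log for ASR audit events (Event ID 1122) before moving from AuditMode to Enabled.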