CVE-2026-32198
Published: 14 April 2026
Summary
CVE-2026-32198 is a high-severity Use After Free (CWE-416) vulnerability. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE is ranked at the 21.2nd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-32198 is a use-after-free vulnerability (CWE-416) affecting Microsoft Office Excel. Published on 2026-04-14T18:17:26.473, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The issue enables an unauthorized attacker to execute code locally by exploiting a memory-management flaw in Excel.
Exploitation requires local access to the target system (AV:L) with low attack complexity (AC:L) and no privileges (PR:N), but user interaction is necessary (UI:R), such as opening a specially crafted Excel file. A successful exploit has high impact on confidentiality, integrity, and availability (C:H/I:H/A:H) without a scope change (S:U), allowing arbitrary code execution in the context of the user who opened the file.
Mitigation details are available in the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32198.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-22581
Vulnerability details
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CWE(s): CWE-416 (Use After Free)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A use-after-free RCE in Excel that is triggered by opening a crafted file maps directly to client-side exploitation (T1203), user execution of a malicious file (T1204.002), and the common delivery path of a spearphishing attachment (T1566.001).
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): requires timely remediation of flaws such as this use-after-free in Excel through vendor patches, which directly prevents exploitation.
- SI-16 (Memory Protection): implements memory-protection mechanisms such as ASLR and DEP, which mitigate use-after-free exploits by preventing memory corruption from being turned into unauthorized code execution.
- SI-3 (Malicious Code Protection): deploys malicious-code protection tools that scan and block specially crafted Excel files exploiting the vulnerability before the user opens them.