CVE-2026-33114

Severity: High
Published: 14 April 2026
Modified: 17 April 2026
KEV Added: not listed
Patch: see the MSRC advisory linked below
CVSS v3.1 base score: 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0032 (23.2nd percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-33114 is a high-severity Untrusted Pointer Dereference (CWE-822) vulnerability. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The vulnerability is ranked at the 23.2nd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2026-33114 is an untrusted pointer dereference vulnerability (CWE-822) in Microsoft Office Word. It enables an unauthorized attacker to execute arbitrary code locally on a victim's machine. The vulnerability has a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for complete compromise of confidentiality, integrity, and availability with low complexity and no privileges required.

An attacker with local access to the target system can exploit this vulnerability by tricking a user into opening a maliciously crafted Word document. No user interaction beyond opening the file is needed, and no special privileges are required. Successful exploitation allows the attacker to execute code in the context of the Word process, which can lead to full system compromise: privilege escalation, data theft, or deployment of malware. Note that the CVSS vector records UI:N even though the attack path described here depends on a user opening the document; when scoping detection, treat the opening of an untrusted Word file as the exploitation trigger.

For mitigation guidance and patch details, refer to the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33114.

Vulnerability details

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CWE(s)

CWE-822 Untrusted Pointer Dereference

Related Threats

MITRE ATT&CK Enterprise Techniques

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Untrusted pointer dereference in Microsoft Word enables arbitrary code execution when a crafted document is opened, directly mapping to exploitation of a client application vulnerability.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-21354 (shared CWE-822)
CVE-2026-20956 (shared CWE-822)
CVE-2026-26113 (shared CWE-822)
CVE-2025-24083 (shared CWE-822)
CVE-2026-26112 (shared CWE-822)
CVE-2026-20948 (shared CWE-822)
CVE-2026-40367 (shared CWE-822)
CVE-2025-21381 (shared CWE-822)
CVE-2025-21363 (shared CWE-822)
CVE-2026-20955 (shared CWE-822)

Mitigating Controls (NIST 800-53 r5)

prevent · SI-2 Flaw Remediation
Directly remediates the untrusted pointer dereference vulnerability in Microsoft Office Word through timely identification, reporting, and patching of flaws.

prevent · Memory protection (control ID not shown on this page; SI-16 Memory Protection is the r5 control that covers ASLR and DEP)
Implements memory protection mechanisms such as ASLR and DEP to mitigate arbitrary code execution resulting from untrusted pointer dereferences in Word documents.

prevent · CM-6 Configuration Settings
Enforces hardened configuration settings for Microsoft Office, such as Protected View, so that untrusted documents are opened in a restricted context and exploitation is prevented.
