# CVE-2026-32190

> A heap-based buffer overflow vulnerability exists in Microsoft Word that allows remote code execution via the Preview Pane. Opening or previewing a specially crafted .docx file triggers heap corruption, enabling an attacker to execute arbitrary code in the context of the current user. The attack vector through the Preview Pane means exploitation can occur without the user explicitly opening the document, significantly increasing the risk surface. This vulnerability was patched as part of the Microsoft April 2026 Patch Tuesday release addressing 167 vulnerabilities.

- **CVSS:** 8.4 (HIGH)
- **EPSS:** 0.1%
- **CWE:** CWE-122

Canonical: https://intel.threadlinqs.com/cve/CVE-2026-32190
Full threat coverage + IOCs via the Threadlinqs MCP server (Purple tier): https://intel.threadlinqs.com/mcp