# CVE-2026-33824

> A remote code execution vulnerability exists in Microsoft Office and Outlook due to an OLE object handling bug. An attacker could exploit this vulnerability by sending a specially crafted email; previewing the email in the Outlook Preview Pane is sufficient to trigger exploitation without requiring the user to open the message. Successful exploitation allows arbitrary code execution in the context of the user. The vulnerability was disclosed as part of the Microsoft April 2026 Patch Tuesday release, which remediated 167 vulnerabilities. This CVE was rated Critical severity with a CVSS 8.4 base

- **CVSS:** 8.4 (HIGH)
- **EPSS:** 0.1%
- **CWE:** CWE-843

Canonical: https://intel.threadlinqs.com/cve/CVE-2026-33824
Full threat coverage + IOCs via the Threadlinqs MCP server (Purple tier): https://intel.threadlinqs.com/mcp