Vulnerabilities ›

CVE-2026-40359

High

CWE-416 — Weakness Type

                    Published: May 12, 2026                      ·  Modified: May 19, 2026                      ·  Source: NVD                

CVSS v3

7.8

🔗 NVD Official

📄 Description (English)

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

🤖 AI Executive Summary

CVE-2026-40359 is a use-after-free vulnerability in Microsoft Office Excel with a CVSS score of 7.8 that enables local code execution. Currently, no patch is available and no public exploit exists, but the vulnerability poses significant risk to organizations relying on Excel for critical operations. Immediate mitigation through compensating controls and user awareness is essential until Microsoft releases a patch.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 18, 2026 15:16

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability poses significant risk to Saudi banking sector (SAMA-regulated institutions), government agencies (NCA oversight), and energy sector (ARAMCO, Saudi Aramco subsidiaries) that heavily utilize Excel for financial modeling, reporting, and data analysis. Telecom operators (STC, Mobily) and healthcare institutions managing patient data through Excel spreadsheets are also at elevated risk. Local code execution capability could lead to lateral movement within critical infrastructure networks, data exfiltration, and system compromise.

🏢 Affected Saudi Sectors

Banking and Financial Services Government and Public Administration Energy and Utilities Telecommunications Healthcare Insurance Education

🎯 MITRE ATT&CK Techniques

T1203 - Exploitation for Client Execution T1559.001 - Inter-Process Communication: Component Object Model T1204.002 - User Execution: Malicious File T1547.001 - Boot or Logon Autostart Execution: Registry Run Keys T1566.001 - Phishing: Spearphishing Attachment T1053.005 - Scheduled Task/Job: Scheduled Task

⚖️ Saudi Risk Score (AI)

7.8

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Disable Excel macros in all organizational systems via Group Policy (GPO) or Microsoft Intune

2. Restrict Excel file execution from untrusted sources and email attachments

3. Implement application whitelisting to prevent unauthorized code execution

4. Isolate critical systems running Excel from network access where possible



COMPENSATING CONTROLS:

5. Deploy endpoint detection and response (EDR) solutions with behavioral monitoring for Excel processes

6. Enable Windows Defender Application Guard for Office applications

7. Implement file integrity monitoring on Excel-related processes

8. Restrict user privileges to prevent local code execution impact



DETECTION:

9. Monitor for suspicious Excel process spawning (winword.exe, excel.exe creating cmd.exe, powershell.exe)

10. Alert on Excel accessing unusual memory regions or system calls

11. Track Excel file modifications and execution from temporary directories



PATCHING:

12. Subscribe to Microsoft Security Update Guide for CVE-2026-40359 patch release

13. Establish expedited patching process once patch becomes available

14. Test patches in isolated environment before enterprise deployment

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تعطيل وحدات ماكروز Excel في جميع أنظمة المنظمة عبر Group Policy أو Microsoft Intune

2. تقييد تنفيذ ملفات Excel من مصادر غير موثوقة والمرفقات البريدية

3. تطبيق القائمة البيضاء للتطبيقات لمنع تنفيذ أكواد غير مصرح بها

4. عزل الأنظمة الحرجة التي تشغل Excel عن الوصول للشبكة حيث أمكن

الضوابط البديلة:

5. نشر حلول كشف الاستجابة للنقاط الطرفية (EDR) مع المراقبة السلوكية لعمليات Excel

6. تفعيل Windows Defender Application Guard لتطبيقات Office

7. تطبيق مراقبة سلامة الملفات على عمليات Excel ذات الصلة

8. تقييد امتيازات المستخدمين لمنع تأثير تنفيذ الأكواد المحلية

الكشف:

9. مراقبة عمليات Excel المريبة التي تنشئ cmd.exe أو powershell.exe

10. التنبيه على وصول Excel لمناطق ذاكرة غير عادية أو استدعاءات نظام

11. تتبع تعديلات ملفات Excel والتنفيذ من المجلدات المؤقتة

التصحيح:

12. الاشتراك في Microsoft Security Update Guide لإصدار تصحيح CVE-2026-40359

13. إنشاء عملية تصحيح معجلة عند توفر التصحيح

14. اختبار التصحيحات في بيئة معزولة قبل النشر على مستوى المؤسسة

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.5.1.1 - Information Security Policies ECC 2024 A.8.1.1 - User Endpoint Devices ECC 2024 A.8.2.1 - Privileged Access Rights ECC 2024 A.8.3.1 - Password Management ECC 2024 A.12.2.1 - Change Management ECC 2024 A.12.6.1 - Management of Technical Vulnerabilities

🔵 SAMA CSF

SAMA CSF ID.BE-1 - Business Environment SAMA CSF PR.AC-1 - Access Control SAMA CSF PR.PT-1 - Security Awareness and Training SAMA CSF DE.CM-1 - Detection Processes SAMA CSF RS.MI-1 - Incident Response Planning

🟡 ISO 27001:2022

ISO 27001:2022 A.5.1 - Policies for Information Security ISO 27001:2022 A.8.1 - User Endpoint Devices ISO 27001:2022 A.8.2 - Privileged Access Rights ISO 27001:2022 A.12.2 - Change Management ISO 27001:2022 A.12.6 - Management of Technical Vulnerabilities ISO 27001:2022 A.14.2 - Development Security

🟣 PCI DSS v4.0.1

PCI DSS 6.2 - Security Patches PCI DSS 6.5.1 - Injection Flaws PCI DSS 11.2 - Vulnerability Scanning

🔗 References & Sources 1

🔗

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40359

secure@microsoft.com

📊 CVSS Score

7.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionR — Required

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.8

CWECWE-416

EPSS0.06%

Exploit No

Patch ✗ No

Published 2026-05-12

Source Feed nvd

🇸🇦 Saudi Risk Score

7.8

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-416

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-40359

Introduce Yourself

Sign In Required