Black & White Path

May 29, 2026 · Information Security

Zero‑Click Outlook RCE (CVE‑2026‑40361): Selecting a New Email Instantly Compromises the System

CVE‑2026‑40361 is a high‑severity, use‑after‑free vulnerability in Microsoft Outlook’s preview pane that enables remote code execution without any user interaction; the flaw, rated 8.4 CVSS and marked “Exploitation More Likely,” affects multiple Office versions and can be mitigated by immediate patching, disabling the preview pane, registry hardening, and layered email‑gateway and endpoint defenses.