CVE-2023-32046

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 3, 2026 5 articles

VulnLookup ↗ NVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

42.66%

probability

This CVE has a 42.66% probability of being exploited in the next 30 days.

0% Top 97.5th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Description

Project Zero

MSHTML Platform Elevation of Privilege

Google Project Zero

Patched

July 11, 2023

Reported by

Microsoft Threat Intelligence Center (MSTIC)

Root Cause Analysis

???

Microsoft Releases Patches for 132 Vulnerabilities, Including 6 Under Active Attack

TheHackerNews

Microsoft and Adobe Patch Tuesday, July 2023 Security Update Review

Qualys Jul 11, 2023

Inside the customer environment: Where threat actors, vulnerabilities, and exposed assets intersect

Tenable-Research May 27, 2026

Microsoft July 2023 Patch Tuesday warns of 6 zero-days, 132 flaws

BleepingComputer Jul 11, 2023

Security Advisory 2023-045

CERT-EU Jul 12, 2023

Signal Intelligence

Confidenceⓘ

78%

EPSS 42.66%

Mentions 5

Last Seen May 27, 2026

CNA Information

Analyst Note

CVE-2023-32046 is a Windows MSHTML elevation of privilege vulnerability with a HIGH CVSS score (7.8) that was flagged by Google Project Zero, indicating credible external security research validation. Official patch documentation from CERT-EU's July 2023 Patch Tuesday advisory corroborates the vulnerability's existence and vendor acknowledgment, though its absence from CISA KEV and limited article coverage suggest it may not yet be actively exploited in the wild.

Triage Info

Decided atMar 03, 2026