CVE-2023-36584

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 20, 2026 2 articles

VulnLookup ↗ NVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

15.42%

probability

This CVE has a 15.42% probability of being exploited in the next 30 days.

0% Top 94.7th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Microsoft October 2023 Patch Tuesday fixes 3 zero-days, 104 flaws

BleepingComputer Oct 10, 2023

CISA Adds Three Security Flaws with Active Exploitation to KEV Catalog

TheHackerNews

Signal Intelligence

Confidenceⓘ

78%

EPSS 15.42%

Mentions 2

Last Seen Oct 10, 2023

CNA Information

Analyst Note

CVE-2023-36584 is explicitly listed in Microsoft's October 2023 Patch Tuesday as one of 3 zero-days, and CISA added it to the KEV catalog based on evidence of active exploitation in the wild. The timing alignment between patch availability and exploitation reports, combined with CISA's KEV listing, supports zero-day classification.

Threat Actors 1

RomCom

apt_group Financial gain 🇷🇺 RU

Triage Info

Decided atMar 20, 2026