CVE-2023-36761

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 3, 2026 5 articles

VulnLookup ↗ NVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

5.53%

probability

This CVE has a 5.53% probability of being exploited in the next 30 days.

0% Top 90.4th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Description

Project Zero

Information disclosure vulnerability

Attack Intelligence

CWE-20 · Improper Input Validation CWE-707 · Improper Neutralization

Google Project Zero

Patched

Sept. 12, 2023

Reported by

Microsoft Threat Intelligence

Root Cause Analysis

???

Microsoft Releases Patch for Two New Actively Exploited Zero-Days Flaws

TheHackerNews

Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws

BleepingComputer Sep 12, 2023

Security Advisory 2023-064

CERT-EU Sep 13, 2023

Microsoft and Adobe Patch Tuesday, September 2023 Security Update Review

Qualys Sep 12, 2023

Microsoft October 2023 Patch Tuesday fixes 3 zero-days, 104 flaws

BleepingComputer Oct 10, 2023

Signal Intelligence

Confidenceⓘ

78%

EPSS 5.53%

Mentions 5

Last Seen Oct 10, 2023

CNA Information

Analyst Note

CVE-2023-36761 is confirmed as a legitimate Microsoft Word information disclosure vulnerability documented in the September 2023 Patch Tuesday cycle by CERT-EU. While not yet listed in CISA KEV and with limited public articles, the official vendor patch and credible institutional advisory provide strong corroboration of the vulnerability's existence.

Triage Info

Decided atMar 03, 2026