Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.8
Microsoft Office Excel Untrusted Pointer Dereference Allows Local Code Execution
CVE-2026-26112
Summary
An attacker can execute malicious code on a system running Microsoft Office Excel if they have access to the user's files. This could allow them to install malware or make unauthorized changes. Users should ensure they have the latest version of Excel installed and be cautious when opening files from untrusted sources.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| microsoft | 365_apps | All versions | – |
| microsoft | 365_apps | All versions | – |
| microsoft | excel | 2016 | – |
| microsoft | excel | 2016 | – |
| microsoft | office | 2019 | – |
| microsoft | office | 2019 | – |
| microsoft | office_long_term_servicing_channel | 2021 | – |
| microsoft | office_long_term_servicing_channel | 2021 | – |
| microsoft | office_long_term_servicing_channel | 2021 | – |
| microsoft | office_long_term_servicing_channel | 2024 | – |
| microsoft | office_long_term_servicing_channel | 2024 | – |
| microsoft | office_long_term_servicing_channel | 2024 | – |
| microsoft | office_online_server | <= 16.0.10417.20102 | – |
Original title
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Original description
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
nvd CVSS3.1
7.8
Vulnerability type
CWE-822
Published: 10 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026