Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.8
Microsoft Office Excel allows malicious code execution locally
CVE-2026-26108
Summary
A flaw in Microsoft Office Excel can allow attackers to run unauthorized code on a computer, potentially leading to data theft or system compromise. This affects Microsoft Office Excel users, particularly those who open untrusted files. To stay safe, only open documents from trusted sources and keep your software up to date.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| microsoft | 365_apps | All versions | – |
| microsoft | 365_apps | All versions | – |
| microsoft | excel | 2016 | – |
| microsoft | excel | 2016 | – |
| microsoft | office | 2019 | – |
| microsoft | office | 2019 | – |
| microsoft | office_long_term_servicing_channel | 2021 | – |
| microsoft | office_long_term_servicing_channel | 2021 | – |
| microsoft | office_long_term_servicing_channel | 2021 | – |
| microsoft | office_long_term_servicing_channel | 2024 | – |
| microsoft | office_long_term_servicing_channel | 2024 | – |
| microsoft | office_long_term_servicing_channel | 2024 | – |
| microsoft | office_online_server | <= 16.0.10417.20102 | – |
| microsoft | office_online_server | All versions | – |
Original title
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Original description
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
nvd CVSS3.1
7.8
Vulnerability type
CWE-122
Heap-based Buffer Overflow
CWE-787
Out-of-bounds Write
Published: 10 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026