{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20957", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2025-12-04T20:04:16.340Z", "datePublished": "2026-01-13T17:57:09.187Z", "dateUpdated": "2026-04-01T13:49:19.343Z"}, "containers": {"cna": {"title": "Microsoft Excel Remote Code Execution Vulnerability", "datePublic": "2026-01-13T16:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*", "versionStartIncluding": "16.0.0.0", "versionEndExcluding": "16.0.10417.20083"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", "versionStartIncluding": "19.0.0", "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "16.0.1", "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*", "versionStartIncluding": "16.0.1", "versionEndExcluding": "16.105.26011018"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", "versionStartIncluding": "16.0.1", "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.105.26011018"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*", "versionStartIncluding": "16.0.0.0", "versionEndExcluding": "16.0.5535.1000"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft 365 Apps for Enterprise", "platforms": ["32-bit Systems", "x64-based Systems"], "versions": [{"version": "16.0.1", "lessThan": "https://aka.ms/OfficeSecurityReleases", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Excel 2016", "platforms": ["32-bit Systems", "x64-based Systems"], "versions": [{"version": "16.0.0.0", "lessThan": "16.0.5535.1000", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Office 2019", "platforms": ["32-bit Systems", "x64-based Systems"], "versions": [{"version": "19.0.0", "lessThan": "https://aka.ms/OfficeSecurityReleases", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Office LTSC 2021", "platforms": ["32-bit Systems", "x64-based Systems"], "versions": [{"version": "16.0.1", "lessThan": "https://aka.ms/OfficeSecurityReleases", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Office LTSC 2024", "platforms": ["32-bit Systems", "x64-based Systems"], "versions": [{"version": "16.0.0", "lessThan": "https://aka.ms/OfficeSecurityReleases", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Office LTSC for Mac 2021", "versions": [{"version": "16.0.1", "lessThan": "16.105.26011018", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Office LTSC for Mac 2024", "versions": [{"version": "16.0.0", "lessThan": "16.105.26011018", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Office Online Server", "versions": [{"version": "16.0.0.0", "lessThan": "16.0.10417.20083", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-191: Integer Underflow (Wrap or Wraparound)", "lang": "en-US", "type": "CWE", "cweId": "CWE-191"}, {"description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE", "cweId": "CWE-122"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-01T13:49:19.343Z"}, "references": [{"name": "Microsoft Excel Remote Code Execution Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20957"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20957", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-14T04:56:26.483241Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:04:18.357Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20957", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-14T04:56:26.483241Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-13T18:34:12.595Z"}}], "cna": {"title": "Microsoft Excel Remote Code Execution Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft 365 Apps for Enterprise", "versions": [{"status": "affected", "version": "16.0.1", "lessThan": "https://aka.ms/OfficeSecurityReleases", "versionType": "custom"}], "platforms": ["32-bit Systems", "x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft Excel 2016", "versions": [{"status": "affected", "version": "16.0.0.0", "lessThan": "16.0.5535.1000", "versionType": "custom"}], "platforms": ["32-bit Systems", "x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft Office 2019", "versions": [{"status": "affected", "version": "19.0.0", "lessThan": "https://aka.ms/OfficeSecurityReleases", "versionType": "custom"}], "platforms": ["32-bit Systems", "x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft Office LTSC 2021", "versions": [{"status": "affected", "version": "16.0.1", "lessThan": "https://aka.ms/OfficeSecurityReleases", "versionType": "custom"}], "platforms": ["32-bit Systems", "x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft Office LTSC 2024", "versions": [{"status": "affected", "version": "16.0.0", "lessThan": "https://aka.ms/OfficeSecurityReleases", "versionType": "custom"}], "platforms": ["32-bit Systems", "x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft Office LTSC for Mac 2021", "versions": [{"status": "affected", "version": "16.0.1", "lessThan": "16.105.26011018", "versionType": "custom"}]}, {"vendor": "Microsoft", "product": "Microsoft Office LTSC for Mac 2024", "versions": [{"status": "affected", "version": "16.0.0", "lessThan": "16.105.26011018", "versionType": "custom"}]}, {"vendor": "Microsoft", "product": "Office Online Server", "versions": [{"status": "affected", "version": "16.0.0.0", "lessThan": "16.0.10417.20083", "versionType": "custom"}]}], "datePublic": "2026-01-13T16:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20957", "name": "Microsoft Excel Remote Code Execution Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-191", "description": "CWE-191: Integer Underflow (Wrap or Wraparound)"}, {"lang": "en-US", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*", "vulnerable": true, "versionEndExcluding": "16.0.10417.20083", "versionStartIncluding": "16.0.0.0"}, {"criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases", "versionStartIncluding": "19.0.0"}, {"criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases", "versionStartIncluding": "16.0.1"}, {"criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*", "vulnerable": true, "versionEndExcluding": "16.105.26011018", "versionStartIncluding": "16.0.1"}, {"criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", "vulnerable": true, "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases", "versionStartIncluding": "16.0.1"}, {"criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", "vulnerable": true, "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases", "versionStartIncluding": "16.0.0"}, {"criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*", "vulnerable": true, "versionEndExcluding": "16.105.26011018", "versionStartIncluding": "16.0.0"}, {"criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*", "vulnerable": true, "versionEndExcluding": "16.0.5535.1000", "versionStartIncluding": "16.0.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-01T13:49:19.343Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20957", "state": "PUBLISHED", "dateUpdated": "2026-04-01T13:49:19.343Z", "dateReserved": "2025-12-04T20:04:16.340Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-01-13T17:57:09.187Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*", "matchCriteriaId": "3259EBFE-AE2D-48B8-BE9A-E22BBDB31378", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*", "matchCriteriaId": "CD25F492-9272-4836-832C-8439EBE64CCF", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", "matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", "matchCriteriaId": "FF177984-A906-43FA-BF60-298133FBBD6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x64:*", "matchCriteriaId": "851BAC4E-9965-4F40-9A6C-B73D9004F4C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x86:*", "matchCriteriaId": "23B2FA23-76F4-4D83-A718-B8D04D7EA37B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*", "matchCriteriaId": "BF0E8112-5B6F-4E55-8E40-38ADCF6FC654", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*", "matchCriteriaId": "D31E509A-0B2E-4B41-88C4-0099E800AFE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*", "matchCriteriaId": "017A7041-BEF1-4E4E-AC8A-EFC6AFEB01FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:macos:*:*", "matchCriteriaId": "EF3E56B5-E6A6-4061-9380-D421E52B9199", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "08A33F86-5F76-4BF6-8C56-678924FDB333", "versionEndExcluding": "16.0.10417.20083", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally."}], "id": "CVE-2026-20957", "lastModified": "2026-01-14T19:47:43.980", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-01-13T18:16:23.627", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20957"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}, {"lang": "en", "value": "CWE-191"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-16T18:09:11.818208+00:00", "value": {"mitigation_remediation": ["Install the latest security updates for Microsoft Office as provided by the Microsoft Security Response Center or via Windows Update", "Configure Office settings to block or restrict execution of untrusted content: enable Protected View for all files and disable macros unless signed", "Deploy email filtering and endpoint protection to detect and block malicious Excel workbooks; consider implementing a least privilege model so that users run Office with minimum rights"], "summary": {"action": "Apply patch", "impact": "Local code execution"}, "threat_synthesis": {"affected_systems": "Microsoft identifies affected products in its Office suite, including Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021 and LTSC 2024 for Windows and macOS, and the Office Online Server. The vulnerability applies to all supported 32\u2011bit and 64\u2011bit builds of these products, as indicated by the CPE list. No specific version numbers are listed, so all active releases of the mentioned Office versions are potentially impacted.", "description_and_impact": "A flaw in Microsoft Excel causes an integer underflow when processing worksheet data, creating an overflow condition that allows an attacker to execute arbitrary code on the host machine. This vulnerability is exploitable through a crafted Excel workbook that a user opens or imports. The resulting code runs with the privileges of the user who opens the file, granting the attacker the ability to manipulate files, install malware, or otherwise disrupt system operations. The weakness is classified as a heap\u2011based buffer overflow (CWE\u2011122) and an integer underflow (CWE\u2011191).", "risk_and_exploitability": "The CVSS score of 7.8 places this issue in the High severity range, though the EPSS score is below 1%, indicating a low predicted exploitation frequency. The vulnerability is not listed in CISA\u2019s KEV catalog, suggesting no known large\u2011scale exploitation. If an attacker can deliver a malicious workbook to a user\u2014an indication that the attack vector is likely through social engineering or compromised email attachments\u2014the local code execution can proceed with the victim\u2019s user rights. The overall risk is moderate to high for organizations that allow users to open untrusted Excel files."}}}}, "created": "2026-04-16T18:15:43.298072+00:00", "updated": "2026-04-16T18:15:43.298083+00:00", "vendors": []}