{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-26109", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2026-02-11T15:52:13.910Z", "datePublished": "2026-03-10T17:05:19.197Z", "dateUpdated": "2026-04-14T16:36:38.604Z"}, "containers": {"cna": {"title": "Microsoft Excel Remote Code Execution Vulnerability", "datePublic": "2026-03-10T14:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*", "versionStartIncluding": "16.0.0.0", "versionEndExcluding": "16.0.10417.20102"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", "versionStartIncluding": "19.0.0", "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "16.0.1", "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*", "versionStartIncluding": "16.0.1", "versionEndExcluding": "16.107.26030819"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", "versionStartIncluding": "16.0.1", "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.107.26030819"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*", "versionStartIncluding": "16.0.0.0", "versionEndExcluding": "16.0.5543.1000"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft 365 Apps for Enterprise", "platforms": ["32-bit Systems", "x64-based Systems"], "versions": [{"version": "16.0.1", "lessThan": "https://aka.ms/OfficeSecurityReleases", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Excel 2016", "platforms": ["32-bit Systems", "x64-based Systems"], "versions": [{"version": "16.0.0.0", "lessThan": "16.0.5543.1000", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Office 2019", "platforms": ["32-bit Systems", "x64-based Systems"], "versions": [{"version": "19.0.0", "lessThan": "https://aka.ms/OfficeSecurityReleases", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Office LTSC 2021", "platforms": ["32-bit Systems", "x64-based Systems"], "versions": [{"version": "16.0.1", "lessThan": "https://aka.ms/OfficeSecurityReleases", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Office LTSC 2024", "platforms": ["32-bit Systems", "x64-based Systems"], "versions": [{"version": "16.0.0", "lessThan": "https://aka.ms/OfficeSecurityReleases", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Office LTSC for Mac 2021", "versions": [{"version": "16.0.1", "lessThan": "16.107.26030819", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Office LTSC for Mac 2024", "versions": [{"version": "16.0.0", "lessThan": "16.107.26030819", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Office Online Server", "versions": [{"version": "16.0.0.0", "lessThan": "16.0.10417.20102", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-125: Out-of-bounds Read", "lang": "en-US", "type": "CWE", "cweId": "CWE-125"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-14T16:36:38.604Z"}, "references": [{"name": "Microsoft Excel Remote Code Execution Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26109"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 8.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-05T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-26109"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T03:55:47.094Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-26109", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-10T18:39:51.965352Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T18:39:53.326Z"}}], "cna": {"title": "Microsoft Excel Remote Code Execution Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 8.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft 365 Apps for Enterprise", "versions": [{"status": "affected", "version": "16.0.1", "lessThan": "https://aka.ms/OfficeSecurityReleases", "versionType": "custom"}], "platforms": ["32-bit Systems", "x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft Excel 2016", "versions": [{"status": "affected", "version": "16.0.0.0", "lessThan": "16.0.5543.1000", "versionType": "custom"}], "platforms": ["32-bit Systems", "x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft Office 2019", "versions": [{"status": "affected", "version": "19.0.0", "lessThan": "https://aka.ms/OfficeSecurityReleases", "versionType": "custom"}], "platforms": ["32-bit Systems", "x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft Office LTSC 2021", "versions": [{"status": "affected", "version": "16.0.1", "lessThan": "https://aka.ms/OfficeSecurityReleases", "versionType": "custom"}], "platforms": ["32-bit Systems", "x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft Office LTSC 2024", "versions": [{"status": "affected", "version": "16.0.0", "lessThan": "https://aka.ms/OfficeSecurityReleases", "versionType": "custom"}], "platforms": ["32-bit Systems", "x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft Office LTSC for Mac 2021", "versions": [{"status": "affected", "version": "16.0.1", "lessThan": "16.107.26030819", "versionType": "custom"}]}, {"vendor": "Microsoft", "product": "Microsoft Office LTSC for Mac 2024", "versions": [{"status": "affected", "version": "16.0.0", "lessThan": "16.107.26030819", "versionType": "custom"}]}, {"vendor": "Microsoft", "product": "Office Online Server", "versions": [{"status": "affected", "version": "16.0.0.0", "lessThan": "16.0.10417.20102", "versionType": "custom"}]}], "datePublic": "2026-03-10T14:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26109", "name": "Microsoft Excel Remote Code Execution Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*", "vulnerable": true, "versionEndExcluding": "16.0.10417.20102", "versionStartIncluding": "16.0.0.0"}, {"criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases", "versionStartIncluding": "19.0.0"}, {"criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases", "versionStartIncluding": "16.0.1"}, {"criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*", "vulnerable": true, "versionEndExcluding": "16.107.26030819", "versionStartIncluding": "16.0.1"}, {"criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", "vulnerable": true, "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases", "versionStartIncluding": "16.0.1"}, {"criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", "vulnerable": true, "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases", "versionStartIncluding": "16.0.0"}, {"criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*", "vulnerable": true, "versionEndExcluding": "16.107.26030819", "versionStartIncluding": "16.0.0"}, {"criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*", "vulnerable": true, "versionEndExcluding": "16.0.5543.1000", "versionStartIncluding": "16.0.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-14T16:36:38.604Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26109", "state": "PUBLISHED", "dateUpdated": "2026-04-14T16:36:38.604Z", "dateReserved": "2026-02-11T15:52:13.910Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-03-10T17:05:19.197Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*", "matchCriteriaId": "3259EBFE-AE2D-48B8-BE9A-E22BBDB31378", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*", "matchCriteriaId": "CD25F492-9272-4836-832C-8439EBE64CCF", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*", "matchCriteriaId": "CD88F667-6773-4DB7-B6C3-9C7B769C0808", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*", "matchCriteriaId": "B342EF98-B414-44D0-BAFB-FCA24294EECE", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*", "matchCriteriaId": "CF5DDD09-902E-4881-98D0-CB896333B4AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*", "matchCriteriaId": "26A3B226-5D7C-4556-9350-5222DC8EFC2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x64:*", "matchCriteriaId": "851BAC4E-9965-4F40-9A6C-B73D9004F4C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x86:*", "matchCriteriaId": "23B2FA23-76F4-4D83-A718-B8D04D7EA37B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*", "matchCriteriaId": "BF0E8112-5B6F-4E55-8E40-38ADCF6FC654", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*", "matchCriteriaId": "D31E509A-0B2E-4B41-88C4-0099E800AFE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*", "matchCriteriaId": "017A7041-BEF1-4E4E-AC8A-EFC6AFEB01FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:macos:*:*", "matchCriteriaId": "EF3E56B5-E6A6-4061-9380-D421E52B9199", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "176A8D47-83F2-4FCE-9127-A98CF423B66B", "versionEndExcluding": "16.0.10417.20102", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally."}, {"lang": "es", "value": "Lectura fuera de l\u00edmites en Microsoft Office Excel permite a un atacante no autorizado ejecutar c\u00f3digo localmente."}], "id": "CVE-2026-26109", "lastModified": "2026-03-13T16:04:59.440", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-10T18:18:39.270", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26109"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 90.0, "confidence_source": "inferred", "scores": [{"score": 90.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "365_apps", "vendor": "microsoft"}, {"configurations": [{"platform": ["32-bit_systems", "x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[16.0.0.0,16.0.5543.1000)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Microsoft Excel 2016", "source": "cna", "vendor": "Microsoft"}, "product": "excel_2016", "vendor": "microsoft"}, {"configurations": [{"platform": ["32-bit_systems", "x64-based_systems"], "status": "affected", "versions": {"scheme": "semver", "value": "[16.0.1,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Microsoft 365 Apps for Enterprise", "source": "cna", "vendor": "Microsoft"}, "product": "microsoft_365_apps_for_enterprise", "vendor": "microsoft"}, {"configurations": [{"platform": ["32-bit_systems", "x64-based_systems"], "status": "affected", "versions": {"scheme": "semver", "value": "[19.0.0,*]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Microsoft Office 2019", "source": "cna", "vendor": "Microsoft"}, "product": "office_2019", "vendor": "microsoft"}, {"configurations": [{"platform": ["32-bit_systems", "x64-based_systems"], "status": "affected", "versions": {"scheme": "semver", "value": "[16.0.1,*]"}}], "enrichment": {"confidence": 89.0, "confidence_source": "matching", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 89.0, "source": "matching"}]}, "original": {"product": "Microsoft Office LTSC 2021", "source": "cna", "vendor": "Microsoft"}, "product": "office_2021", "vendor": "microsoft"}, {"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 90.0, "confidence_source": "inferred", "scores": [{"score": 90.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "office_2021", "vendor": "microsoft"}, {"configurations": [{"platform": ["32-bit_systems", "x64-based_systems"], "status": "affected", "versions": {"scheme": "semver", "value": "[16.0.0,*]"}}], "enrichment": {"confidence": 89.0, "confidence_source": "matching", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 89.0, "source": "matching"}]}, "original": {"product": "Microsoft Office LTSC 2024", "source": "cna", "vendor": "Microsoft"}, "product": "office_2024", "vendor": "microsoft"}, {"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 90.0, "confidence_source": "inferred", "scores": [{"score": 90.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "office_2024", "vendor": "microsoft"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[16.0.0,16.107.26030819)"}}], "enrichment": {"confidence": 83.0, "confidence_source": "matching", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 83.0, "source": "matching"}]}, "original": {"product": "Microsoft Office LTSC for Mac 2024", "source": "cna", "vendor": "Microsoft"}, "product": "office_for_mac", "vendor": "microsoft"}, {"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 90.0, "confidence_source": "inferred", "scores": [{"score": 90.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "office_macos_2021", "vendor": "microsoft"}, {"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 90.0, "confidence_source": "inferred", "scores": [{"score": 90.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "office_macos_2024", "vendor": "microsoft"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[16.0.0.0,16.0.10417.20102)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Office Online Server", "source": "cna", "vendor": "Microsoft"}, "product": "office_online_server", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-03-16T23:15:28.946168+00:00", "value": {"mitigation_remediation": ["Apply the latest Microsoft update that contains the fix for CVE\u20112026\u201126109", "Verify that all affected Microsoft Office applications, including 365 Apps for Enterprise, Excel\u202f2016, Office\u202f2019, LTSC\u202f2021, LTSC\u202f2024, LTSC for Mac\u202f2021, and LTSC for Mac\u202f2024, are updated to the patched versions", "If a patch is not yet available, disable macro execution in Excel and monitor for suspicious file activity"], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Affects Microsoft 365 Apps for Enterprise, Microsoft Excel\u202f2016, Microsoft Office\u202f2019, Microsoft Office LTSC\u202f2021, Microsoft Office LTSC\u202f2024, Microsoft Office LTSC for Mac\u202f2021, Microsoft Office LTSC for Mac\u202f2024, and Microsoft Office Online Server. The specific affected versions are not listed, but all editions of the listed products are impacted.", "description_and_impact": "The vulnerability is an out\u2011of\u2011bounds read in Microsoft Office Excel that can be exploited by an unauthorized attacker to initiate local code execution, as stated in the official description. This allows the attacker to run arbitrary code on the victim's machine, potentially compromising confidentiality, integrity, and availability. The weakness corresponds to CWE\u2011125.", "risk_and_exploitability": "The CVSS score of 8.4 indicates high severity, while the EPSS score of less than 1% suggests a relatively low current exploitation probability. The vulnerability is not in the KEV catalogue, indicating no confirmed widespread exploitation. The likely attack vector is through a malicious Excel file that forcefully reads beyond allocated memory, first inferred from the description of an unauthorized attacker executing code locally. Successful exploitation would require the victim to open or otherwise process the crafted file, after which arbitrary code can run under the user\u2019s privileges."}}}}, "created": "2026-03-11T11:45:16.779114+00:00", "updated": "2026-03-20T14:34:04.477384+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$365_apps", "microsoft$PRODUCT$excel_2016", "microsoft$PRODUCT$microsoft_365_apps_for_enterprise", "microsoft$PRODUCT$office_2019", "microsoft$PRODUCT$office_2021", "microsoft$PRODUCT$office_2024", "microsoft$PRODUCT$office_for_mac", "microsoft$PRODUCT$office_macos_2021", "microsoft$PRODUCT$office_macos_2024", "microsoft$PRODUCT$office_online_server"]}