Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    895 vulnerabilities found for excel by microsoft

    CVE-2026-55949 (GCVE-0-2026-55949)

    Vulnerability from nvd – Published: 2026-07-14 17:09 – Updated: 2026-07-17 21:33
    VLAI
    Title
    Microsoft Excel Remote Code Execution Vulnerability
    Summary
    Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-908 - Use of Uninitialized Resource
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55949",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T03:56:08.802577Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T11:14:22.103Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-908",
                  "description": "CWE-908: Use of Uninitialized Resource",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:33:05.073Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55949"
            }
          ],
          "title": "Microsoft Excel Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55949",
        "datePublished": "2026-07-14T17:09:12.118Z",
        "dateReserved": "2026-06-17T17:37:17.983Z",
        "dateUpdated": "2026-07-17T21:33:05.073Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55947 (GCVE-0-2026-55947)

    Vulnerability from nvd – Published: 2026-07-14 17:09 – Updated: 2026-07-17 21:33
    VLAI
    Title
    Microsoft Excel Remote Code Execution Vulnerability
    Summary
    Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55947",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T03:56:09.556646Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T11:14:08.884Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:33:04.450Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55947"
            }
          ],
          "title": "Microsoft Excel Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55947",
        "datePublished": "2026-07-14T17:09:11.650Z",
        "dateReserved": "2026-06-17T17:37:17.983Z",
        "dateUpdated": "2026-07-17T21:33:04.450Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55898 (GCVE-0-2026-55898)

    Vulnerability from nvd – Published: 2026-07-14 17:09 – Updated: 2026-07-17 21:33
    VLAI
    Title
    Microsoft Excel Information Disclosure Vulnerability
    Summary
    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55898",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T18:30:58.088318Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T18:31:08.843Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:33:03.254Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55898"
            }
          ],
          "title": "Microsoft Excel Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55898",
        "datePublished": "2026-07-14T17:09:10.387Z",
        "dateReserved": "2026-06-17T17:36:34.621Z",
        "dateUpdated": "2026-07-17T21:33:03.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55141 (GCVE-0-2026-55141)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Excel Remote Code Execution Vulnerability
    Summary
    Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55141",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T03:56:13.323318Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T11:13:11.742Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:41.568Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55141"
            }
          ],
          "title": "Microsoft Excel Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55141",
        "datePublished": "2026-07-14T17:08:49.554Z",
        "dateReserved": "2026-06-16T15:03:49.682Z",
        "dateUpdated": "2026-07-17T21:32:41.568Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55138 (GCVE-0-2026-55138)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Excel Information Disclosure Vulnerability
    Summary
    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-822 - Untrusted Pointer Dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55138",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T18:52:26.772445Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T18:52:33.560Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-822",
                  "description": "CWE-822: Untrusted Pointer Dereference",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:37.450Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55138"
            }
          ],
          "title": "Microsoft Excel Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55138",
        "datePublished": "2026-07-14T17:08:47.258Z",
        "dateReserved": "2026-06-16T15:03:49.682Z",
        "dateUpdated": "2026-07-17T21:32:37.450Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55137 (GCVE-0-2026-55137)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Excel Remote Code Execution Vulnerability
    Summary
    Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55137",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T03:56:22.992Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:48.613Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55137"
            }
          ],
          "title": "Microsoft Excel Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55137",
        "datePublished": "2026-07-14T17:08:55.624Z",
        "dateReserved": "2026-06-16T15:03:49.681Z",
        "dateUpdated": "2026-07-17T21:32:48.613Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55136 (GCVE-0-2026-55136)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Excel Remote Code Execution Vulnerability
    Summary
    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-822 - Untrusted Pointer Dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55136",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T03:56:13.675Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-822",
                  "description": "CWE-822: Untrusted Pointer Dereference",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:39.078Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55136"
            }
          ],
          "title": "Microsoft Excel Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55136",
        "datePublished": "2026-07-14T17:08:48.931Z",
        "dateReserved": "2026-06-16T15:03:49.681Z",
        "dateUpdated": "2026-07-17T21:32:39.078Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55131 (GCVE-0-2026-55131)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Excel Remote Code Execution Vulnerability
    Summary
    Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55131",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T03:56:15.546157Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T11:12:42.916Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:50.795Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55131"
            }
          ],
          "title": "Microsoft Excel Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55131",
        "datePublished": "2026-07-14T17:08:57.748Z",
        "dateReserved": "2026-06-16T15:03:49.681Z",
        "dateUpdated": "2026-07-17T21:32:50.795Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55122 (GCVE-0-2026-55122)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Excel Information Disclosure Vulnerability
    Summary
    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55122",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T13:05:12.696066Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T13:28:24.379Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:49.608Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55122"
            }
          ],
          "title": "Microsoft Excel Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55122",
        "datePublished": "2026-07-14T17:08:56.721Z",
        "dateReserved": "2026-06-16T15:03:49.680Z",
        "dateUpdated": "2026-07-17T21:32:49.608Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55058 (GCVE-0-2026-55058)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Excel Remote Code Execution Vulnerability
    Summary
    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55058",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T03:56:15.901Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:47.072Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55058"
            }
          ],
          "title": "Microsoft Excel Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55058",
        "datePublished": "2026-07-14T17:08:54.040Z",
        "dateReserved": "2026-06-16T14:13:49.836Z",
        "dateUpdated": "2026-07-17T21:32:47.072Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55054 (GCVE-0-2026-55054)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Excel Information Disclosure Vulnerability
    Summary
    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55054",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T18:09:32.805040Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T18:09:46.209Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:46.145Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55054"
            }
          ],
          "title": "Microsoft Excel Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55054",
        "datePublished": "2026-07-14T17:08:52.994Z",
        "dateReserved": "2026-06-16T14:13:49.836Z",
        "dateUpdated": "2026-07-17T21:32:46.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55053 (GCVE-0-2026-55053)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Excel Remote Code Execution Vulnerability
    Summary
    Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55053",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T03:56:22.225Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:49.149Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55053"
            }
          ],
          "title": "Microsoft Excel Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55053",
        "datePublished": "2026-07-14T17:08:56.097Z",
        "dateReserved": "2026-06-16T14:13:49.836Z",
        "dateUpdated": "2026-07-17T21:32:49.149Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55048 (GCVE-0-2026-55048)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Excel Remote Code Execution Vulnerability
    Summary
    Integer overflow or wraparound in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55048",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T03:56:18.113Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Integer overflow or wraparound in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190: Integer Overflow or Wraparound",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:29.925Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55048"
            }
          ],
          "title": "Microsoft Excel Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55048",
        "datePublished": "2026-07-14T17:08:40.040Z",
        "dateReserved": "2026-06-16T14:13:49.836Z",
        "dateUpdated": "2026-07-17T21:32:29.925Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55046 (GCVE-0-2026-55046)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Excel Information Disclosure Vulnerability
    Summary
    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55046",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T13:56:08.000463Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T13:56:15.469Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:24.341Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55046"
            }
          ],
          "title": "Microsoft Excel Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55046",
        "datePublished": "2026-07-14T17:08:34.516Z",
        "dateReserved": "2026-06-16T14:13:49.836Z",
        "dateUpdated": "2026-07-17T21:32:24.341Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55044 (GCVE-0-2026-55044)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Excel Remote Code Execution Vulnerability
    Summary
    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55044",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T03:56:14.795058Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T11:12:57.573Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:45.045Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55044"
            }
          ],
          "title": "Microsoft Excel Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55044",
        "datePublished": "2026-07-14T17:08:51.908Z",
        "dateReserved": "2026-06-16T14:13:49.836Z",
        "dateUpdated": "2026-07-17T21:32:45.045Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55041 (GCVE-0-2026-55041)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Excel Remote Code Execution Vulnerability
    Summary
    Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55041",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T03:56:21.454Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:36.831Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55041"
            }
          ],
          "title": "Microsoft Excel Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55041",
        "datePublished": "2026-07-14T17:08:46.781Z",
        "dateReserved": "2026-06-16T14:13:49.835Z",
        "dateUpdated": "2026-07-17T21:32:36.831Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55039 (GCVE-0-2026-55039)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Excel Remote Code Execution Vulnerability
    Summary
    Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-191 - Integer Underflow (Wrap or Wraparound)
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55039",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T03:56:19.708Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-191",
                  "description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:33.427Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55039"
            }
          ],
          "title": "Microsoft Excel Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55039",
        "datePublished": "2026-07-14T17:08:43.268Z",
        "dateReserved": "2026-06-16T14:13:49.835Z",
        "dateUpdated": "2026-07-17T21:32:33.427Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55037 (GCVE-0-2026-55037)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Excel Remote Code Execution Vulnerability
    Summary
    Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55037",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T03:56:17.047071Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T11:12:27.926Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:46.610Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55037"
            }
          ],
          "title": "Microsoft Excel Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55037",
        "datePublished": "2026-07-14T17:08:53.550Z",
        "dateReserved": "2026-06-16T14:13:49.835Z",
        "dateUpdated": "2026-07-17T21:32:46.610Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55036 (GCVE-0-2026-55036)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Excel Remote Code Execution Vulnerability
    Summary
    Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55036",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T03:56:17.375Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "CWE-126: Buffer Over-read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:44.464Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55036"
            }
          ],
          "title": "Microsoft Excel Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55036",
        "datePublished": "2026-07-14T17:08:51.360Z",
        "dateReserved": "2026-06-16T14:13:49.835Z",
        "dateUpdated": "2026-07-17T21:32:44.464Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55031 (GCVE-0-2026-55031)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Excel Remote Code Execution Vulnerability
    Summary
    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55031",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T03:56:19.366978Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T11:12:13.438Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:28.748Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55031"
            }
          ],
          "title": "Microsoft Excel Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55031",
        "datePublished": "2026-07-14T17:08:38.995Z",
        "dateReserved": "2026-06-16T14:12:44.285Z",
        "dateUpdated": "2026-07-17T21:32:28.748Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55029 (GCVE-0-2026-55029)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Excel Remote Code Execution Vulnerability
    Summary
    Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55029",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T03:56:20.664Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:31.617Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55029"
            }
          ],
          "title": "Microsoft Excel Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55029",
        "datePublished": "2026-07-14T17:08:41.617Z",
        "dateReserved": "2026-06-16T14:12:44.285Z",
        "dateUpdated": "2026-07-17T21:32:31.617Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55025 (GCVE-0-2026-55025)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Excel Remote Code Execution Vulnerability
    Summary
    Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55025",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T03:56:24.197947Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T11:11:58.321Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Access of resource using incompatible type (\u0027type confusion\u0027) in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-843",
                  "description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:27.122Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55025"
            }
          ],
          "title": "Microsoft Excel Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55025",
        "datePublished": "2026-07-14T17:08:37.352Z",
        "dateReserved": "2026-06-16T14:12:44.285Z",
        "dateUpdated": "2026-07-17T21:32:27.122Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55024 (GCVE-0-2026-55024)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Excel Remote Code Execution Vulnerability
    Summary
    Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55024",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T18:16:06.252964Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T18:16:18.506Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Access of resource using incompatible type (\u0027type confusion\u0027) in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-843",
                  "description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:22.091Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55024"
            }
          ],
          "title": "Microsoft Excel Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55024",
        "datePublished": "2026-07-14T17:08:32.354Z",
        "dateReserved": "2026-06-16T14:12:44.284Z",
        "dateUpdated": "2026-07-17T21:32:22.091Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50408 (GCVE-0-2026-50408)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Excel Information Disclosure Vulnerability
    Summary
    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50408",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T13:59:16.493768Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T14:00:10.059Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:22.623Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50408"
            }
          ],
          "title": "Microsoft Excel Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-50408",
        "datePublished": "2026-07-14T17:08:32.834Z",
        "dateReserved": "2026-06-04T18:56:53.259Z",
        "dateUpdated": "2026-07-17T21:32:22.623Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48580 (GCVE-0-2026-48580)

    Vulnerability from nvd – Published: 2026-07-14 17:08 – Updated: 2026-07-17 21:32
    VLAI
    Title
    Microsoft Excel Information Disclosure Vulnerability
    Summary
    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-822 - Untrusted Pointer Dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48580",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T13:57:06.636700Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T13:57:14.114Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-822",
                  "description": "CWE-822: Untrusted Pointer Dereference",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:32:15.484Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48580"
            }
          ],
          "title": "Microsoft Excel Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-48580",
        "datePublished": "2026-07-14T17:08:29.197Z",
        "dateReserved": "2026-05-21T20:00:35.246Z",
        "dateUpdated": "2026-07-17T21:32:15.484Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58618 (GCVE-0-2026-58618)

    Vulnerability from nvd – Published: 2026-07-14 17:05 – Updated: 2026-07-17 21:29
    VLAI
    Title
    Microsoft Excel Remote Code Execution Vulnerability
    Summary
    Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58618",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T03:56:06.770Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:29:21.514Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58618"
            }
          ],
          "title": "Microsoft Excel Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-58618",
        "datePublished": "2026-07-14T17:05:33.929Z",
        "dateReserved": "2026-07-01T18:03:43.126Z",
        "dateUpdated": "2026-07-17T21:29:21.514Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55948 (GCVE-0-2026-55948)

    Vulnerability from nvd – Published: 2026-07-14 17:05 – Updated: 2026-07-17 21:28
    VLAI
    Title
    Microsoft Excel Remote Code Execution Vulnerability
    Summary
    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55948",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T03:56:10.684Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416: Use After Free",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:28:58.991Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55948"
            }
          ],
          "title": "Microsoft Excel Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55948",
        "datePublished": "2026-07-14T17:05:11.111Z",
        "dateReserved": "2026-06-17T17:37:17.983Z",
        "dateUpdated": "2026-07-17T21:28:58.991Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55899 (GCVE-0-2026-55899)

    Vulnerability from nvd – Published: 2026-07-14 17:05 – Updated: 2026-07-17 21:28
    VLAI
    Title
    Microsoft Excel Remote Code Execution Vulnerability
    Summary
    Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55899",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T03:56:11.871911Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T11:13:39.404Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:28:57.987Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55899"
            }
          ],
          "title": "Microsoft Excel Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-55899",
        "datePublished": "2026-07-14T17:05:10.091Z",
        "dateReserved": "2026-06-17T17:36:34.621Z",
        "dateUpdated": "2026-07-17T21:28:57.987Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54988 (GCVE-0-2026-54988)

    Vulnerability from nvd – Published: 2026-07-14 17:05 – Updated: 2026-07-17 21:28
    VLAI
    Title
    Microsoft Excel Information Disclosure Vulnerability
    Summary
    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54988",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T17:46:04.548643Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T18:01:09.198Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:28:57.444Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54988"
            }
          ],
          "title": "Microsoft Excel Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-54988",
        "datePublished": "2026-07-14T17:05:09.425Z",
        "dateReserved": "2026-06-16T14:10:05.868Z",
        "dateUpdated": "2026-07-17T21:28:57.444Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50678 (GCVE-0-2026-50678)

    Vulnerability from nvd – Published: 2026-07-14 17:05 – Updated: 2026-07-17 21:28
    VLAI
    Title
    Microsoft Excel Information Disclosure Vulnerability
    Summary
    Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5561.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 365 for Mac Affected: 1.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.111.26071215 (custom)
    Create a notification for this product.
    Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20175 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50678",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T18:08:04.480302Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T18:08:13.019Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft 365 Apps for Enterprise",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5561.1001",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office 365 for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office LTSC 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Office LTSC for Mac 2024",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.111.26071215",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.10417.20175",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                      "versionEndExcluding": "16.0.10417.20175",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5561.1001",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "16.111.26071215",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to disclose information locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:28:56.898Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Excel Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50678"
            }
          ],
          "title": "Microsoft Excel Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-50678",
        "datePublished": "2026-07-14T17:05:08.873Z",
        "dateReserved": "2026-06-05T14:35:07.080Z",
        "dateUpdated": "2026-07-17T21:28:56.898Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }