CVE-2026-20956
published 2026-01-13CVE-2026-20956: Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_365_apps_for_enterprise | >= 16.0.1 < https://aka.ms/OfficeSecurityReleases | https://aka.ms/OfficeSecurityReleases |
| microsoft | microsoft_office_ltsc_2021 | >= 16.0.1 < https://aka.ms/OfficeSecurityReleases | https://aka.ms/OfficeSecurityReleases |
| microsoft | microsoft_office_ltsc_2024 | >= 16.0.0 < https://aka.ms/OfficeSecurityReleases | https://aka.ms/OfficeSecurityReleases |
| microsoft | microsoft_office_ltsc_for_mac_2021 | >= 16.0.1 < 16.105.26011018 | 16.105.26011018 |
| microsoft | microsoft_office_ltsc_for_mac_2024 | >= 16.0.0 < 16.105.26011018 | 16.105.26011018 |
| microsoft | office_long_term_servicing_channel | — | — |
| microsoft | office_long_term_servicing_channel | — | — |
| msrc | microsoft_365_apps_for_enterprise_for_32-bit_systems | — | — |
| msrc | microsoft_365_apps_for_enterprise_for_64-bit_systems | — | — |
| msrc | microsoft_office_ltsc_2021_for_32-bit_editions | — | — |
| msrc | microsoft_office_ltsc_2021_for_64-bit_editions | — | — |
| msrc | microsoft_office_ltsc_2024_for_32-bit_editions | — | — |
| msrc | microsoft_office_ltsc_2024_for_64-bit_editions | — | — |
| msrc | microsoft_office_ltsc_for_mac_2021 | — | — |
| msrc | microsoft_office_ltsc_for_mac_2024 | — | — |