CVE-2026-26144
published 2026-03-10CVE-2026-26144: Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose…
medium4.7CVSS 3.1
AVNACLPRNUIRSCCLINAN
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_365_apps_for_enterprise | >= 16.0.1 < https://aka.ms/OfficeSecurityReleases | https://aka.ms/OfficeSecurityReleases |
| msrc | microsoft_365_apps_for_enterprise_for_32-bit_systems | — | — |
| msrc | microsoft_365_apps_for_enterprise_for_64-bit_systems | — | — |