Microsoft Excel vulnerabilities

CVE-2026-26133 [HIGH] CWE-77 CVE-2026-26133: AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-26107 [HIGH] CWE-416 CVE-2026-26107: Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-26108 [HIGH] CWE-122 CVE-2026-26108: Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-26109 [HIGH] CWE-125 CVE-2026-26109: Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-26112 [HIGH] CWE-822 CVE-2026-26112: Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute c Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-21259 [HIGH] CWE-122 CVE-2026-21259: Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate priv Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.

CVE-2026-21258 [MEDIUM] CWE-20 CVE-2026-21258: Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose info Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CVE-2026-21261 [MEDIUM] CWE-125 CVE-2026-21261: Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CVE-2026-20946 [HIGH] CWE-125 CVE-2026-20946: Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-20950 [HIGH] CWE-416 CVE-2026-20950: Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-20957 [HIGH] CWE-122 CVE-2026-20957: Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-62564 [HIGH] CWE-125 CVE-2025-62564: Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-62560 [HIGH] CWE-126 CVE-2025-62560: Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute c Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-62553 [HIGH] CWE-416 CVE-2025-62553: Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-62563 [HIGH] CWE-416 CVE-2025-62563: Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-62561 [HIGH] CWE-822 CVE-2025-62561: Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute c Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-62556 [HIGH] CWE-822 CVE-2025-62556: Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute c Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-62202 [HIGH] CWE-125 CVE-2025-62202: Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CVE-2025-62200 [HIGH] CWE-822 CVE-2025-62200: Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute c Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-60727 [HIGH] CWE-125 CVE-2025-60727: Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.