Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Local file-open vector (AV:L) with mandatory user interaction (UI:R), no privileges needed (PR:N), yielding full code-execution impact across C/I/A, consistent with an Office client parsing flaw.
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
AnalysisAI
Local code execution in Microsoft Office Excel (spanning Excel 2016, Office 2019, Office LTSC 2021/2024, Microsoft 365 Apps for Enterprise, the macOS builds, and Office Online Server) arises from an out-of-bounds read (CWE-125) that an attacker triggers by convincing a user to open a maliciously crafted workbook. The CVSS 3.1 base score is 7.8 with high confidentiality, integrity, and availability impact, but exploitation requires user interaction (opening the file) and no active exploitation or public proof-of-concept has been reported. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the victim to open an attacker-supplied, specially crafted Excel workbook on a vulnerable Office installation (UI:R in the CVSS vector) - there is no remote, unauthenticated, zero-click path. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, score 7.8) frames this as a local, low-complexity issue requiring no privileges but mandatory user interaction - the AV:L reflects that the malicious workbook must be opened on the target host rather than delivered over a network service, and UI:R is the primary limiting factor. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a malicious Excel workbook with corrupted record-length or offset fields and emails it to a target as an invoice or report attachment. When the victim opens the file and the parser reads past the bounds of an allocated buffer, the attacker achieves code execution in the context of the user. … |
| Remediation | Apply the Microsoft security update for CVE-2026-55031 as documented in the Security Update Guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55031 - Patch available per vendor advisory; the exact fixed build numbers per product channel (Current Channel, Monthly Enterprise, LTSC, and Mac editions) should be pulled from that advisory and deployed via your normal Office/Microsoft 365 update mechanism (Click-to-Run, WSUS/Intune, or the Mac AutoUpdate tool). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, inventory all affected Microsoft Office deployments (Excel 2016, Office 2019, Office LTSC 2021/2024, Microsoft 365 Apps for Enterprise, macOS versions, and Office Online Server) and distribute security guidance instructing users to avoid opening workbook files from external sources until patches are applied. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Local code execution in Microsoft Word (and Office/SharePoint components that render Word content) stems from an integer
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps, and the macOS editions) arises
Arbitrary code execution in Microsoft Office Word (and the broader Office/365/SharePoint family) arises from a stack-bas
Local code execution in Microsoft Office (including Microsoft 365 Apps for Enterprise, Office 2016/2019, and Office LTSC
Local code execution in Microsoft Word (part of Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, and Office for M
Local arbitrary code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and O
Arbitrary code execution in Microsoft PowerPoint (and the broader Microsoft Office/365 suite on Windows and macOS) arise
Local code execution in Microsoft Office PowerPoint (including Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, a
Local code execution in Microsoft Office PowerPoint (CWE-122 heap-based buffer overflow) lets an unauthorized attacker r
Local code execution in Microsoft Word (and the wider Microsoft Office / Microsoft 365 Apps family) lets an unauthorized
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and Office for
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps, and Office for Mac 2021/2024)
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44172
GHSA-88h5-prqr-v67r