Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
File-parsing flaw requires victim to open a crafted document (AV:L, UI:R); no prior system privileges needed by attacker (PR:N); impact confined to confidentiality of the vulnerable process (C:H/I:N/A:N).
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
AnalysisAI
Untrusted pointer dereference (CWE-822) in Microsoft Excel allows a local attacker to disclose sensitive memory contents when a victim opens a specially crafted workbook. The flaw affects a broad swath of Microsoft Office product lines - from Excel 2016 through Office LTSC 2024 and their Mac counterparts - as confirmed by CPE enumeration. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a local user to actively open a specially crafted Excel workbook; the CVSS AV:L metric confirms the attack surface is local and the attack cannot be triggered remotely without the victim performing a file-open action. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N yields a Medium score of 5.5. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a malicious Excel workbook embedding a pointer value designed to trigger the CWE-822 condition during file parsing, then delivers it via phishing email or a compromised file-sharing platform to a target user. When the victim opens the document, Excel's parser dereferences the untrusted pointer, leaking process memory - potentially exposing credentials, tokens, or other sensitive data accessible within the Office process space. … |
| Remediation | Apply the vendor-released patch confirmed available through the Microsoft Security Response Center at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55138; deploy via Windows Update, Microsoft Update Catalog, or enterprise patch management tools such as WSUS or Intune. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Local code execution in Microsoft Word (and Office/SharePoint components that render Word content) stems from an integer
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps, and the macOS editions) arises
Arbitrary code execution in Microsoft Office Word (and the broader Office/365/SharePoint family) arises from a stack-bas
Local code execution in Microsoft Office (including Microsoft 365 Apps for Enterprise, Office 2016/2019, and Office LTSC
Local code execution in Microsoft Word (part of Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, and Office for M
Local arbitrary code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and O
Arbitrary code execution in Microsoft PowerPoint (and the broader Microsoft Office/365 suite on Windows and macOS) arise
Local code execution in Microsoft Office PowerPoint (including Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, a
Local code execution in Microsoft Office PowerPoint (CWE-122 heap-based buffer overflow) lets an unauthorized attacker r
Local code execution in Microsoft Word (and the wider Microsoft Office / Microsoft 365 Apps family) lets an unauthorized
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and Office for
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps, and Office for Mac 2021/2024)
Same weakness CWE-822 – Untrusted Pointer Dereference
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44187
GHSA-v936-2qfp-r4vf