Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Local malicious-file open with required user interaction gives AV:L/UI:R; an out-of-bounds read primarily leaks memory (C:H) with only crash-level availability impact (A:L), diverging from the vendor's A:H.
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
AnalysisAI
Information disclosure in Microsoft Office Excel (2016, Office 2019, LTSC 2021/2024, Microsoft 365 Apps, Office for Mac, and Office Online Server) lets an attacker read out-of-bounds memory when a victim opens a maliciously crafted spreadsheet, potentially leaking sensitive process data such as memory contents, pointers, or credentials. Rated CVSS 7.1 with a local attack vector requiring user interaction, the flaw stems from a CWE-125 out-of-bounds read in Excel's file parser. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the victim to open an attacker-supplied, specially crafted Excel workbook in an affected Office/Excel build (UI:R user interaction is mandatory) - the attacker cannot trigger it remotely without victim action, and the AV:L vector means the malicious file must be delivered to and processed on the local machine. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H yields 7.1 (High): low attack complexity and no privileges required, but a LOCAL vector gated by required user interaction - the victim must open a malicious file. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker emails a finance employee a crafted .xlsx workbook themed as an invoice or report; when the employee opens it in Excel, the parser performs an out-of-bounds read and the leaked memory (potentially containing pointers, tokens, or document fragments) is exfiltrated back through embedded content or serves as an ASLR-bypass primitive for a follow-on exploit. The local attack vector and required user interaction mean success hinges on convincing the victim to open the file; no public POC has been identified at time of analysis. |
| Remediation | Patch available per vendor advisory - apply the Microsoft security update for CVE-2026-55122 published in the MSRC Update Guide (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55122); the input confirms a fix is available from the vendor but does not provide an exact fixed build number, so obtain the precise KB/build for each affected SKU (Microsoft 365 Apps, Excel 2016, Office 2019, LTSC 2021/2024, the Mac editions, and Office Online Server) directly from the advisory. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all Excel installations and Microsoft 365 deployments; identify systems handling sensitive data; alert users to exercise caution with unexpected spreadsheet attachments. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Local code execution in Microsoft Word (and Office/SharePoint components that render Word content) stems from an integer
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps, and the macOS editions) arises
Arbitrary code execution in Microsoft Office Word (and the broader Office/365/SharePoint family) arises from a stack-bas
Local code execution in Microsoft Office (including Microsoft 365 Apps for Enterprise, Office 2016/2019, and Office LTSC
Local code execution in Microsoft Word (part of Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, and Office for M
Local arbitrary code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and O
Arbitrary code execution in Microsoft PowerPoint (and the broader Microsoft Office/365 suite on Windows and macOS) arise
Local code execution in Microsoft Office PowerPoint (including Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, a
Local code execution in Microsoft Office PowerPoint (CWE-122 heap-based buffer overflow) lets an unauthorized attacker r
Local code execution in Microsoft Word (and the wider Microsoft Office / Microsoft 365 Apps family) lets an unauthorized
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and Office for
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps, and Office for Mac 2021/2024)
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44204
GHSA-wqv8-972g-whq4