Cross-Site Scripting Vulnerability in Microsoft Office Excel
CVE-2026-26144

7.5HIGH

Key Information:

Vendor

Microsoft
Status
Microsoft 365 Apps For Enterprise
Vendor
CVE Published:
10 March 2026

Badges

👾 Exploit Exists📰 News Worthy

What is CVE-2026-26144?

An issue in Microsoft Office Excel arises from improper handling of input during web page generation, which may allow an unauthorized attacker to craft malicious content. This content can potentially lead to the disclosure of sensitive information over a network, posing significant risks to users’ data security. Users are advised to apply the necessary patches and updates to mitigate the risk associated with this vulnerability.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

News Articles

favicon imageDark Reading

Every Old Vulnerability Is Now an AI Vulnerability

AI's danger isn't that it's creating new bugs, it's that it's amplifying old ones.

3 weeks ago

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisorypatch

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by Dark Reading

  • Vulnerability published

  • Vulnerability Reserved

.