Information Disclosure Vulnerability in Microsoft Office Excel
CVE-2026-32188

7.1HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft 365 Apps For Enterprise; Microsoft Excel 2016; Microsoft Office 2019; Microsoft Office Ltsc 2021
Vendor: CVE Published:; 14 April 2026

What is CVE-2026-32188?

An information disclosure vulnerability in Microsoft Office Excel enables unauthorized attackers to exploit out-of-bounds read conditions, potentially leading to localized data leaks. Attackers can leverage this flaw to gain access to sensitive information contained in Excel files, posing a significant threat to data privacy and organizational security. It is essential for users to apply the latest patches and updates provided by Microsoft to mitigate associated risks.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Excel 2016 32-bit Systems 16.0.0.0 < 16.0.5548.1000

Microsoft Office 2019 32-bit Systems 19.0.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Mar 11, 2026

CVE-2026-32188 Data

JSON