Spoofing Vulnerability in Office for Android by Microsoft
CVE-2026-45649

7.1HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Excel For Android; Microsoft Powerpoint For Android; Microsoft Word For Android
Vendor: CVE Published:; 9 June 2026

What is CVE-2026-45649?

An improper access control vulnerability in Office for Android enables unauthorized attackers to execute spoofing attacks locally, potentially compromising user data and system integrity. It is essential for users to apply the latest security updates to mitigate this risk.

Affected Version(s)

Microsoft Excel for Android 16.0.0.0 < 16.0.20131.20024

Microsoft PowerPoint for Android 16.0.0.0 < 16.0.20131.20024

Microsoft Word for Android 16.0.0.0 < 16.0.20131.20024

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2026
Vulnerability Reserved
May 12, 2026

CVE-2026-45649 Data

JSON