CVE-2026-44818

Published Jun 9, 2026

Last updated 10 days ago

CVSS high 7.0

Overview

Description: Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Source: secure@microsoft.com
NVD status: Analyzed
Products: 365_apps, excel, microsoft_365, office_2019, office_2021, office_2024, office_online_server

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7
Impact score: 5.9
Exploitability score: 1
Vector string: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

secure@microsoft.com: CWE-362

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*",
            "matchCriteriaId": "3259EBFE-AE2D-48B8-BE9A-E22BBDB31378",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*",
            "matchCriteriaId": "CD25F492-9272-4836-832C-8439EBE64CCF",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*",
            "matchCriteriaId": "CD88F667-6773-4DB7-B6C3-9C7B769C0808",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*",
            "matchCriteriaId": "B342EF98-B414-44D0-BAFB-FCA24294EECE",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:microsoft_365:-:*:*:*:*:macos:*:*",
            "matchCriteriaId": "12418BDE-FA2E-4BBF-8E47-45C505399898",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_2019:-:*:*:*:*:*:x64:*",
            "matchCriteriaId": "241CDE2B-ABD0-4EFF-8D73-1766E32FA20F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_2019:-:*:*:*:*:*:x86:*",
            "matchCriteriaId": "14D63E3F-A431-4DD8-979F-811E8DAC423D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_2021:-:*:*:*:ltsc:-:x64:*",
            "matchCriteriaId": "1D518075-3362-4D15-93B1-0E6C61518D16",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_2021:-:*:*:*:ltsc:-:x86:*",
            "matchCriteriaId": "1059BEC6-C30B-4F0F-A878-5267A21CBD85",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_2021:-:*:*:*:ltsc:macos:-:*",
            "matchCriteriaId": "0DB3EBBF-E0C4-4D5A-8D22-107463AD1DE4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_2024:-:*:*:*:ltsc:-:x64:*",
            "matchCriteriaId": "55A9AFDA-D77B-4CC7-ACE5-3A2ABDA257D8",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_2024:-:*:*:*:ltsc:-:x86:*",
            "matchCriteriaId": "8887D177-26A3-4008-89B6-50A9E9830F13",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_2024:-:*:*:*:ltsc:macos:-:*",
            "matchCriteriaId": "589B470B-9C2E-41E2-A44D-D8CCB4D2F933",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "E98AE986-FA31-4301-8025-E8915BA4AC5E",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References