CVE-2026-44818

Published: Jun 9, 2026Modified: Jun 11, 2026

7.0

Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.0 / Impact: 5.9

Source: secure@microsoft.com

Description

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Affected (14)

Products: Microsoft: 365 Apps, Excel, Microsoft 365, Office 2019, Office 2021, Office 2024, Office Online Server

7 products

Office Online Server

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Microsoft 365 Apps	All versions
Microsoft 365 Apps	All versions
Microsoft Excel	Version 2016
Microsoft Excel	Version 2016
Microsoft Microsoft 365	All versions
Microsoft Office 2019	All versions
Microsoft Office 2019	All versions
Microsoft Office 2021	All versions
Microsoft Office 2021	All versions
Microsoft Office 2021	All versions
Microsoft Office 2024	All versions
Microsoft Office 2024	All versions
Microsoft Office 2024	All versions
Microsoft Office Online Server	All versions

Related CWEs

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References (1)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44818

Source: secure@microsoft.com

Vendor Advisory

Timeline

No history available yet.