CVE-2026-44823
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: secure@microsoft.com (Secondary)
Description
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Affected (14)
Products: Microsoft: 365 Apps, Excel, Microsoft 365, Office 2019, Office 2021, Office 2024, Office Online Server
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| All versions | |
| Version 2016 | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions |
Related CWEs
CWE-197
Numeric Truncation Error
Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.
CWE-416
Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
References (1)
Source: secure@microsoft.com
Vendor Advisory
Timeline
No history available yet.