Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-26112— Microsoft Excel Remote Code Execution Vulnerability

CVSS 7.8 · High EPSS 0.46% · P37

Affected Version Matrix 8

VendorProductVersion RangeStatus
MicrosoftMicrosoft 365 Apps for Enterprise16.0.1< https://aka.ms/OfficeSecurityReleasesaffected
MicrosoftMicrosoft Excel 201616.0.0.0< 16.0.5543.1000affected
MicrosoftMicrosoft Office 201919.0.0< https://aka.ms/OfficeSecurityReleasesaffected
MicrosoftMicrosoft Office LTSC 202116.0.1< https://aka.ms/OfficeSecurityReleasesaffected
MicrosoftMicrosoft Office LTSC 202416.0.0< https://aka.ms/OfficeSecurityReleasesaffected
MicrosoftMicrosoft Office LTSC for Mac 202116.0.1< 16.107.26030819affected
MicrosoftMicrosoft Office LTSC for Mac 202416.0.0< 16.107.26030819affected
MicrosoftOffice Online Server16.0.0.0< 16.0.10417.20102affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-26112

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Microsoft Excel Remote Code Execution Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
非可信指针解引用
Source: NVD (National Vulnerability Database)
Vulnerability Title
Microsoft Excel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Microsoft Excel是美国微软(Microsoft)公司的一款Office套件中的电子表格处理软件。 Microsoft Excel存在安全漏洞。攻击者利用该漏洞可以远程执行代码。以下产品和版本受到影响:Microsoft Office LTSC for Mac 2024,Microsoft Excel 2016 (32-bit edition),Microsoft Excel 2016 (64-bit edition),Office Online Server,Microsoft Office
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
MicrosoftMicrosoft 365 Apps for Enterprise 16.0.1 ~ https://aka.ms/OfficeSecurityReleases -
MicrosoftMicrosoft Excel 2016 16.0.0.0 ~ 16.0.5543.1000 -
MicrosoftMicrosoft Office 2019 19.0.0 ~ https://aka.ms/OfficeSecurityReleases -
MicrosoftMicrosoft Office LTSC 2021 16.0.1 ~ https://aka.ms/OfficeSecurityReleases -
MicrosoftMicrosoft Office LTSC 2024 16.0.0 ~ https://aka.ms/OfficeSecurityReleases -
MicrosoftMicrosoft Office LTSC for Mac 2021 16.0.1 ~ 16.107.26030819 -
MicrosoftMicrosoft Office LTSC for Mac 2024 16.0.0 ~ 16.107.26030819 -
MicrosoftOffice Online Server 16.0.0.0 ~ 16.0.10417.20102 -

II. Public POCs for CVE-2026-26112

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-26112

登录查看更多情报信息。

Vendor Advisories for CVE-2026-26112 (1)

Same Patch Batch · Microsoft · 2026-03-10 · 78 CVEs total

CVE-2026-251778.8 HIGHActive Directory Domain Services Elevation of Privilege Vulnerability
CVE-2026-261188.8 HIGHAzure MCP Server Tools Elevation of Privilege Vulnerability
CVE-2026-261068.8 HIGHMicrosoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-236698.8 HIGHRPC Runtime Library Remote Code Execution Vulnerability
CVE-2026-236548.8 HIGHGitHub: Zero Shot SCFoundation Remote Code Execution Vulnerability
CVE-2026-261168.8 HIGHSQL Server Elevation of Privilege Vulnerability
CVE-2026-261158.8 HIGHSQL Server Elevation of Privilege Vulnerability
CVE-2026-242838.8 HIGHMultiple UNC Provider Kernel Driver Elevation of Privilege Vulnerability
CVE-2026-209678.8 HIGHSystem Center Operations Manager (SCOM) Elevation of Privilege Vulnerability
CVE-2026-261148.8 HIGHMicrosoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-251888.8 HIGHWindows Telephony Service Elevation of Privilege Vulnerability
CVE-2026-212628.8 HIGHSQL Server Elevation of Privilege Vulnerability
CVE-2026-261108.4 HIGHMicrosoft Office Remote Code Execution Vulnerability
CVE-2026-261098.4 HIGHMicrosoft Excel Remote Code Execution Vulnerability
CVE-2026-261138.4 HIGHMicrosoft Office Remote Code Execution Vulnerability
CVE-2026-261488.1 HIGHMicrosoft Azure AD SSH Login extension for Linux Elevation of Privilege Vulnerability
CVE-2026-261058.1 HIGHMicrosoft SharePoint Server Spoofing Vulnerability
CVE-2026-251738.0 HIGHWindows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2026-251728.0 HIGHWindows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2026-261118.0 HIGHWindows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Showing top 20 of 78 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

V. Comments for CVE-2026-26112

No comments yet


Leave a comment