CVE-2026-55041 – Microsoft Excel Remote Code Execution Vulnerability

CVSS 7.8 IMPORTANT Critical or Zero Day – Immediate Deployment

“A single Excel spreadsheet can become the first step in a serious cyberattack when critical vulnerabilities remain unpatched.”

A heap-based buffer overflow vulnerability in Microsoft Excel allows an unauthorized attacker to execute arbitrary code on a local system. Successful exploitation requires a user to open a specially crafted Excel file. Microsoft has released security updates for affected Excel and Office products.

CVSS Score: 7.8

SEVERITY: Critical

THREAT:
This vulnerability allows an attacker to execute arbitrary code by convincing a user to open a specially crafted Excel workbook. Malicious spreadsheets can be distributed through phishing emails, file-sharing services, or collaboration platforms. If exploited, the attacker can execute code with the privileges of the current user, potentially resulting in malware installation, credential theft, or further compromise of the affected device.

EXPLOITS:
At the time of publication, the vulnerability has not been publicly disclosed and Microsoft has not detected active exploitation. Microsoft assesses exploitation as less likely. The CVSS v3.1 temporal metrics list exploit code maturity as Unproven, and the provided information does not confirm the existence of publicly available proof-of-concept exploit code.

TECHNICAL SUMMARY:
The vulnerability is caused by a heap-based buffer overflow (CWE-122) in Microsoft Excel. A specially crafted Excel file can trigger memory corruption, allowing arbitrary code execution. Although categorized as a Remote Code Execution vulnerability, Microsoft explains that the attack itself is carried out locally after a user opens the malicious file.

EXPLOITABILITY:
Affected products include Microsoft 365 Apps for Enterprise (32-bit and 64-bit), Microsoft Excel 2016 (32-bit and 64-bit), Microsoft Office 2019, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024, and Office Online Server. Exploitation requires no attacker privileges but does require user interaction, specifically opening a specially crafted Excel file.

BUSINESS IMPACT:
Excel files are commonly exchanged inside and outside organizations, making them a frequent target for phishing campaigns. Successful exploitation could allow attackers to execute malicious code, deploy ransomware, steal sensitive business information, or establish a foothold for additional attacks across the network.

WORKAROUND:
No mitigations or workarounds are available. Microsoft recommends installing the appropriate security updates for all affected Excel and Office products.

URGENCY:
This vulnerability should be deployed urgently because it is rated Critical. Although user interaction is required, malicious spreadsheet attachments remain a common attack vector. Prompt deployment of the available security updates significantly reduces the risk of compromise.

Key Details

Affected Product
Microsoft 365 Apps
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
CWE Classification
CWE-122
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.