Critical Microsoft Excel Information Disclosure Vulnerability (CVE-2026-26144)
Microsoft published guidance for CVE-2026-26144, a Critical Microsoft Excel information disclosure vulnerability tracked in the Microsoft Security Update Guide. Microsoft maps the issue to CWE-79 (improper neutralization of input during web page generation / XSS) and provides CVSS v3.1 scoring indicating network-reachable exploitation conditions with high confidentiality impact (vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
The advisory is available via MSRC’s Update Guide endpoints (including RSS, PowerShell, API, and CSAF links) to support patch/vulnerability management workflows. No additional incident context, exploitation details, or third-party reporting is included in the provided material beyond the MSRC advisory metadata and scoring.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
1 event from the most recent confirmed update back to the earliest known activity.
Microsoft discloses CVE-2026-26144 in Excel Security Update Guide
Microsoft published Security Update Guide entries for CVE-2026-26144, identifying it as a Microsoft Excel information disclosure vulnerability. No additional technical synopsis was provided in the referenced advisories.
Sources
2 references tracked. Mallory keeps watching after this page renders.
CVE-2026-26144 - Security Update Guide - Microsoft - Microsoft Excel Information Disclosure Vulnerability
msrc.microsoft.com
Open sourceCVE-2026-26144 - Security Update Guide - Microsoft - Microsoft Excel Information Disclosure Vulnerability
msrc.microsoft.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Multiple Microsoft Excel Remote Code Execution Flaws Added to MSRC Update Guide
Microsoft added several **Microsoft Excel Remote Code Execution** entries to its Security Update Guide, including `CVE-2025-62556`, `CVE-2025-62564`, `CVE-2025-54896`, and `CVE-2025-59233`. The advisories identify the affected product as Microsoft Excel and classify each issue as a remote code execution vulnerability, indicating that successful exploitation could allow arbitrary code to run in the context of the targeted application. The referenced entries were published across multiple update cycles in 2025, with `CVE-2025-54896` appearing in September, `CVE-2025-59233` in October, and `CVE-2025-62556` and `CVE-2025-62564` in December. Microsoft provided the vulnerabilities through its MSRC Security Update Guide, but the referenced records did not include public synopses in the source material, leaving the CVE identifiers and product classification as the primary confirmed details.
May 25, 2026
Microsoft Windows Kernel Elevation of Privilege Vulnerability (CVE-2026-24289)
Microsoft published guidance for **CVE-2026-24289**, an **Important** severity **Windows Kernel elevation of privilege** vulnerability caused by **CWE-416 (use-after-free)**. Microsoft scored the issue with **CVSS 3.1: 7.8** (vector `AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H`), indicating exploitation requires **local** access with **low** attack complexity and **low privileges**, and could result in high impact to confidentiality, integrity, and availability if successfully exploited. The Security Update Guide entry provides standard Microsoft consumption options (e.g., *PowerShell*, API, CSAF) for tracking and integrating the advisory into vulnerability management workflows. The two provided references are effectively duplicate MSRC pages for the same CVE (one localized under `/en-US/`) and do not add distinct technical details beyond the vulnerability classification and scoring.
Mar 21, 2026
Microsoft March 2026 Patch Tuesday Vulnerabilities Across SharePoint, Office/Excel, Windows Drivers, and GDI
Microsoft published security advisories for multiple **Important** and **Critical** vulnerabilities affecting *SharePoint Server*, *Microsoft Office/Excel*, Windows components, and *GDI*. The highest-impact server-side issue is **CVE-2026-26114**, a *SharePoint Server* **remote code execution** flaw attributed to **CWE-502 (deserialization of untrusted data)** with a CVSS v3.1 vector `AV:N/AC:L/PR:L/UI:N` (base score shown as 8.8), indicating network reachability with low complexity and requiring low privileges. Microsoft also disclosed **CVE-2026-26105**, a *SharePoint Server* **spoofing** issue mapped to **CWE-79 (XSS)** with `AV:N/AC:L/PR:N/UI:R` (base score shown as 8.1), implying remote exploitation that requires user interaction. On the endpoint/application side, Microsoft listed several *Office/Excel* **remote code execution** vulnerabilities: **CVE-2026-26109** (Excel RCE; **CWE-125 out-of-bounds read**; vector `AV:L/AC:L/PR:N/UI:N`, base score shown as 8.4), **CVE-2026-26108** (Excel RCE; **CWE-122 heap-based buffer overflow**; `AV:L/AC:L/PR:N/UI:R`, base score shown as 7.8), and **CVE-2026-26112** (Excel RCE; **CWE-822 untrusted pointer dereference**; `AV:L/AC:L/PR:N/UI:R`, base score shown as 7.8). Microsoft also published **CVE-2026-26113**, a **Critical** *Microsoft Office* RCE (also **CWE-822**) with `AV:L/AC:L/PR:N/UI:N` (base score shown as 8.4); one reference is a duplicate advisory page for the same CVE. Additional component advisories include **CVE-2026-24288** (Windows Mobile Broadband Driver RCE; **CWE-122**; `AV:P/AC:L/PR:N/UI:N`, base score shown as 6.8, requiring physical access) and **CVE-2026-25190** (GDI RCE; **CWE-426 untrusted search path**; `AV:L/AC:L/PR:N/UI:R`, base score shown as 7.8).
Mar 21, 2026