High Severity Vulnerability
This vulnerability has been rated as High severity. Immediate action is recommended.
CVE-2026-20946
High
Low
Medium
High
Critical
7.8
CVSS Score
Vulnerability Description
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
L
Attack Complexity
L
Privileges Required
N
User Interaction
R
Scope
U
Confidentiality
H
Integrity
H
Availability
H
Known Affected Software
5 configuration(s) from 1 vendor(s)
office_long_term_servicing_channel
Version:
2024
CPE:
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*
office_long_term_servicing_channel
Version:
2021
CPE:
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*
office
Version:
2019
CPE:
cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:x64:*
excel
Version:
2016
CPE:
cpe:2.3:a:microsoft:excel:2016:*:*:*:*:mac_os_x:*:*
365_apps
Version:
-
CPE:
cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*
This vulnerability affects 5 software configuration(s). Ensure you patch all affected systems.
Severity Details
7.8
out of 10.0
High
Weakness Type (CWE)
CWE-125
Top 25 #11
Out-of-bounds Read
- Description
- The product reads data past the end, or before the beginning, of the intended buffer.
- Typical Severity
- High
- Abstraction Level
- Base
Key Information
- Published Date
- January 13, 2026
