DNA View

High Severity Vulnerability

This vulnerability has been rated as High severity. Immediate action is recommended.

CVE-2026-20949

High

Low Medium High Critical

7.8

CVSS Score

Published: Jan 13, 2026

Last Modified: Jan 16, 2026

CWE: CWE-284

Vulnerability Description

Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Known Affected Software

3 configuration(s) from 1 vendor(s)

office_long_term_servicing_channel

Version:

2024

CPE:

cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*

office_long_term_servicing_channel

Version:

2021

CPE:

cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*

365_apps

Version:

CPE:

cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*

This vulnerability affects 3 software configuration(s). Ensure you patch all affected systems.

References & Resources

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20949
secure@microsoft.com Vendor Advisory

Severity Details

7.8

out of 10.0

High

Weakness Type (CWE)

CWE-284

Improper Access Control

Description: The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Typical Severity: Medium
Abstraction Level: Pillar

View CWE Details on MITRE

Key Information

Published Date: January 13, 2026

External Resources

NIST NVD

National Vulnerability Database

MITRE CVE

Official CVE record

CVE Vulnerabilities

Posts & Pages

High Severity Vulnerability

CVE-2026-20949

Vulnerability Description

CVSS Metrics

Known Affected Software

microsoft

References & Resources

Severity Details

Weakness Type (CWE)

Key Information

External Resources