DNA View

High Severity Vulnerability

This vulnerability has been rated as High severity. Immediate action is recommended.

CVE-2026-20957

High

Low Medium High Critical

7.8

CVSS Score

Published: Jan 13, 2026

Last Modified: Jan 14, 2026

CWE: CWE-122

Vulnerability Description

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Known Affected Software

5 configuration(s) from 1 vendor(s)

office_long_term_servicing_channel

Version:

2024

CPE:

cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*

office_long_term_servicing_channel

Version:

2021

CPE:

cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*

office

Version:

2019

CPE:

cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:x64:*

excel

Version:

2016

CPE:

cpe:2.3:a:microsoft:excel:2016:*:*:*:*:mac_os_x:*:*

365_apps

Version:

CPE:

cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*

This vulnerability affects 5 software configuration(s). Ensure you patch all affected systems.

References & Resources

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20957
secure@microsoft.com Vendor Advisory

Severity Details

7.8

out of 10.0

High

Weakness Type (CWE)

CWE-122

Heap-based Buffer Overflow

Description: A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Exploit Likelihood: High
Typical Severity: High
Abstraction Level: Variant