Microsoft Excel Spreadsheet Software
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Excel.
Recent Microsoft Excel Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2026-21261 | CVE-2026-21261 Microsoft Excel Information Disclosure Vulnerability | February 10, 2026 |
| CVE-2026-21258 | CVE-2026-21258 Microsoft Excel Information Disclosure Vulnerability | February 10, 2026 |
| CVE-2026-21259 | CVE-2026-21259 Microsoft Excel Elevation of Privilege Vulnerability | February 10, 2026 |
| CVE-2026-20957 | CVE-2026-20957 Microsoft Excel Remote Code Execution Vulnerability | January 13, 2026 |
| CVE-2026-20950 | CVE-2026-20950 Microsoft Excel Remote Code Execution Vulnerability | January 13, 2026 |
| CVE-2026-20949 | CVE-2026-20949 Microsoft Excel Security Feature Bypass Vulnerability | January 13, 2026 |
| CVE-2026-20956 | CVE-2026-20956 Microsoft Excel Remote Code Execution Vulnerability | January 13, 2026 |
| CVE-2026-20955 | CVE-2026-20955 Microsoft Excel Remote Code Execution Vulnerability | January 13, 2026 |
| CVE-2026-20946 | CVE-2026-20946 Microsoft Excel Remote Code Execution Vulnerability | January 13, 2026 |
| CVE-2025-62560 | CVE-2025-62560 Microsoft Excel Remote Code Execution Vulnerability | December 9, 2025 |
Known Exploited Microsoft Excel Vulnerabilities
The following Microsoft Excel vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Microsoft Excel Remote Code Execution Vulnerability |
A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory. CVE-2019-1297 Exploit Probability: 30.8% |
March 3, 2022 |
| Microsoft Office Security Feature Bypass Vulnerability |
A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands. CVE-2016-7262 Exploit Probability: 87.1% |
March 3, 2022 |
| Microsoft Excel Featheader Record Memory Corruption Vulnerability |
Microsoft Office Excel allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset. CVE-2009-3129 Exploit Probability: 91.1% |
March 3, 2022 |
Of the known exploited vulnerabilities above, 2 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. The vulnerability CVE-2019-1297: Microsoft Excel Remote Code Execution Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.
By the Year
In 2026 there have been 0 vulnerabilities in Microsoft Excel. Last year, in 2025 Excel had 31 security vulnerabilities published. Right now, Excel is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 31 | 7.78 |
| 2024 | 12 | 7.68 |
| 2023 | 13 | 7.65 |
| 2022 | 12 | 7.35 |
| 2021 | 32 | 7.51 |
| 2020 | 39 | 7.67 |
| 2019 | 14 | 7.28 |
| 2018 | 22 | 7.13 |
It may take a day or so for new Excel vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Excel Security Vulnerabilities
Aug 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-53737
7.8 - High
- August 12, 2025
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Aug 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-53739
7.8 - High
- August 12, 2025
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Object Type Confusion
Aug 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-53741
7.8 - High
- August 12, 2025
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Aug 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-53735
7.8 - High
- August 12, 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Dangling pointer
Aug 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-53759
7.8 - High
- August 12, 2025
Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Use of Uninitialized Resource
Jul 2025: Microsoft Excel Information Disclosure Vulnerability
CVE-2025-48812
5.5 - Medium
- July 08, 2025
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
Out-of-bounds Read
Jul 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-49711
7.8 - High
- July 08, 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Dangling pointer
Jun 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-47165
7.8 - High
- June 10, 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Dangling pointer
May 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30383
7.8 - High
- May 13, 2025
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Object Type Confusion
May 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-32704
8.4 - High
- May 13, 2025
Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Buffer Over-read
May 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30376
7.8 - High
- May 13, 2025
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
May 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-30377
8.4 - High
- May 13, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
May 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30379
7.8 - High
- May 13, 2025
Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Release of Invalid Pointer or Reference
May 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30381
7.8 - High
- May 13, 2025
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Out-of-bounds Read
May 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-29977
7.8 - High
- May 13, 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Dangling pointer
May 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-29979
7.8 - High
- May 13, 2025
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
May 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30375
7.8 - High
- May 13, 2025
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Object Type Confusion
Apr 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-27750
7.8 - High
- April 08, 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Dangling pointer
Apr 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-27751
7.8 - High
- April 08, 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Dangling pointer
Apr 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-26642
7.8 - High
- April 08, 2025
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
Out-of-bounds Read
Mar 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-24075
7.8 - High
- March 11, 2025
Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Stack Overflow
Mar 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-24081
7.8 - High
- March 11, 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Dangling pointer
Mar 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-24082
7.8 - High
- March 11, 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Dangling pointer
Feb 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21381
7.8 - High
- February 11, 2025
Microsoft Excel Remote Code Execution Vulnerability
Untrusted Pointer Dereference
Feb 2025: Microsoft Excel Information Disclosure Vulnerability
CVE-2025-21383
7.8 - High
- February 11, 2025
Microsoft Excel Information Disclosure Vulnerability
Out-of-bounds Read
Feb 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21386
7.8 - High
- February 11, 2025
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Feb 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21390
7.8 - High
- February 11, 2025
Microsoft Excel Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Feb 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21394
7.8 - High
- February 11, 2025
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Feb 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21387
7.8 - High
- February 11, 2025
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Jan 2025: Microsoft Excel Security Feature Bypass Vulnerability
CVE-2025-21364
7.8 - High
- January 14, 2025
Microsoft Excel Security Feature Bypass Vulnerability
Marshaling, Unmarshaling
Jan 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21362
8.4 - High
- January 14, 2025
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Library Injection Vulnerability on macOS
CVE-2024-43106
7.1 - High
- December 18, 2024
A library injection vulnerability exists in Microsoft Excel 16.83 for macOS. A specially crafted library can leverage Excel's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
Improper Verification of Cryptographic Signature
Microsoft Excel RCE Vulnerability
CVE-2024-49069
7.8 - High
- December 12, 2024
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49030
7.8 - High
- November 12, 2024
Microsoft Excel Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49029
7.8 - High
- November 12, 2024
Microsoft Excel Remote Code Execution Vulnerability
Use of Uninitialized Resource
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49028
7.8 - High
- November 12, 2024
Microsoft Excel Remote Code Execution Vulnerability
Out-of-bounds Read
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49027
7.8 - High
- November 12, 2024
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49026
7.8 - High
- November 12, 2024
Microsoft Excel Remote Code Execution Vulnerability
Command Injection
Microsoft Excel RCE via Malformed File
CVE-2024-43504
7.8 - High
- October 08, 2024
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Elevation of Privilege Vulnerability CVE-2024-43465
CVE-2024-43465
7.8 - High
- September 10, 2024
Microsoft Excel Elevation of Privilege Vulnerability
Dangling pointer
CVE-2024-38170: Microsoft Excel RCE via Remote File
CVE-2024-38170
7.1 - High
- August 13, 2024
Microsoft Excel Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Microsoft Excel RCE Vulnerability
CVE-2024-30042
7.8 - High
- May 14, 2024
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office RCE via Office Component
CVE-2024-20673
7.8 - High
- February 13, 2024
Microsoft Office Remote Code Execution Vulnerability
Nov 2023: Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-36041
7.8 - High
- November 14, 2023
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Nov 2023: Microsoft Excel Security Feature Bypass Vulnerability
CVE-2023-36037
7.8 - High
- November 14, 2023
Microsoft Excel Security Feature Bypass Vulnerability
Sep 2023: Microsoft Excel Information Disclosure Vulnerability
CVE-2023-36766
7.8 - High
- September 12, 2023
Microsoft Excel Information Disclosure Vulnerability
Out-of-bounds Read
Microsoft Excel RCE via Cell Formatting Exploit
CVE-2023-36896
7.8 - High
- August 08, 2023
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel RCE in CVE-2023-33161
CVE-2023-33161
7.8 - High
- July 11, 2023
Microsoft Excel Remote Code Execution Vulnerability
CVE202333158: Microsoft Excel RCE via Remote Code Exec
CVE-2023-33158
7.8 - High
- July 11, 2023
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel RCE via Formula Parsing (CVE-2023-33137)
CVE-2023-33137
7.8 - High
- June 14, 2023
Microsoft Excel Remote Code Execution Vulnerability
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Excel or by Microsoft? Click the Watch button to subscribe.
