Microsoft Excel Spreadsheet Software

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Excel.

Recent Microsoft Excel Security Advisories

Advisory	Title	Published
CVE-2026-45469	CVE-2026-45469 Microsoft Excel Remote Code Execution Vulnerability	June 9, 2026
CVE-2026-44820	CVE-2026-44820 Microsoft Excel Remote Code Execution Vulnerability	June 9, 2026
CVE-2026-44822	CVE-2026-44822 Microsoft Excel Information Disclosure Vulnerability	June 9, 2026
CVE-2026-44818	CVE-2026-44818 Microsoft Excel Remote Code Execution Vulnerability	June 9, 2026
CVE-2026-45459	CVE-2026-45459 Microsoft Excel Security Feature Bypass Vulnerability	June 9, 2026
CVE-2026-44817	CVE-2026-44817 Microsoft Excel Remote Code Execution Vulnerability	June 9, 2026
CVE-2026-44823	CVE-2026-44823 Microsoft Excel Remote Code Execution Vulnerability	June 9, 2026
CVE-2026-45455	CVE-2026-45455 Microsoft Excel Information Disclosure Vulnerability	June 9, 2026
CVE-2026-40359	CVE-2026-40359 Microsoft Excel Remote Code Execution Vulnerability	May 12, 2026
CVE-2026-40362	CVE-2026-40362 Microsoft Excel Remote Code Execution Vulnerability	May 12, 2026

Known Exploited Microsoft Excel Vulnerabilities

The following Microsoft Excel vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title	Description	Added
Microsoft Excel Remote Code Execution Vulnerability	A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory. CVE-2019-1297 Exploit Probability: 20.5%	March 3, 2022
Microsoft Office Security Feature Bypass Vulnerability	A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands. CVE-2016-7262 Exploit Probability: 58.0%	March 3, 2022
Microsoft Excel Featheader Record Memory Corruption Vulnerability	Microsoft Office Excel allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset. CVE-2009-3129 Exploit Probability: 85.7%	March 3, 2022

The vulnerability CVE-2009-3129: Microsoft Excel Featheader Record Memory Corruption Vulnerability is in the top 1% of the currently known exploitable vulnerabilities. 2 known exploited Microsoft Excel vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

By the Year

In 2026 there have been 6 vulnerabilities in Microsoft Excel with an average score of 7.0 out of ten. Last year, in 2025 Excel had 31 security vulnerabilities published. Right now, Excel is on track to have less security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 0.80

Year	Vulnerabilities	Average Score
2026	6	6.98
2025	31	7.78
2024	12	7.68
2023	13	7.65
2022	12	7.35
2021	32	7.51
2020	39	7.67
2019	14	7.28
2018	22	7.13

It may take a day or so for new Excel vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Excel Security Vulnerabilities

Jun 2026: Windows Graphics Component Remote Code Execution Vulnerability
CVE-2026-44812 7.8 - High - June 09, 2026

Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.

Integer Overflow or Wraparound

Jun 2026: Windows Graphics Component Remote Code Execution Vulnerability
CVE-2026-44803 7.8 - High - June 09, 2026

Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.

Integer Overflow or Wraparound

Jun 2026: Office for Android Spoofing Vulnerability
CVE-2026-45649 7.1 - High - June 09, 2026

Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally.

Authorization

May 2026: Microsoft Office Spoofing Vulnerability
CVE-2026-42832 7.7 - High - May 12, 2026

Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.

Authorization

May 2026: Microsoft 365 Copilot for Android Spoofing Vulnerability
CVE-2026-41100 4.4 - Medium - May 12, 2026

Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.

Authorization

Mar 2026: M365 Copilot Information Disclosure Vulnerability
CVE-2026-26133 7.1 - High - March 13, 2026

AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Command Injection

Aug 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-53737 7.8 - High - August 12, 2025

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

Aug 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-53739 7.8 - High - August 12, 2025

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Object Type Confusion

Aug 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-53741 7.8 - High - August 12, 2025

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

Aug 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-53735 7.8 - High - August 12, 2025

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

Aug 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-53759 7.8 - High - August 12, 2025

Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Use of Uninitialized Resource

Jul 2025: Microsoft Excel Information Disclosure Vulnerability
CVE-2025-48812 5.5 - Medium - July 08, 2025

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Out-of-bounds Read

Jul 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-49711 7.8 - High - July 08, 2025

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

Jun 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-47165 7.8 - High - June 10, 2025

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

May 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30383 7.8 - High - May 13, 2025

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Object Type Confusion

May 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-32704 8.4 - High - May 13, 2025

Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Buffer Over-read

May 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30376 7.8 - High - May 13, 2025

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

May 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-30377 8.4 - High - May 13, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

May 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30379 7.8 - High - May 13, 2025

Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Release of Invalid Pointer or Reference

May 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30381 7.8 - High - May 13, 2025

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Out-of-bounds Read

May 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-29977 7.8 - High - May 13, 2025

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

May 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-29979 7.8 - High - May 13, 2025

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

May 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30375 7.8 - High - May 13, 2025

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Object Type Confusion

Apr 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-27750 7.8 - High - April 08, 2025

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

Apr 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-27751 7.8 - High - April 08, 2025

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

Apr 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-26642 7.8 - High - April 08, 2025

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.

Out-of-bounds Read

Mar 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-24075 7.8 - High - March 11, 2025

Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Stack Overflow

Mar 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-24081 7.8 - High - March 11, 2025

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer