Mar 2026: Microsoft Excel Information Disclosure Vulnerability
CVE-2026-26144 Published on March 10, 2026

Microsoft Excel Information Disclosure Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

Vendor Advisory NVD

Weakness Type

What is a XSS Vulnerability?

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVE-2026-26144 has been classified to as a XSS vulnerability or weakness.

Products Associated with CVE-2026-26144

Want to know whenever a new CVE is published for Microsoft 365 Apps? stack.watch will email you.

Microsoft 365 Apps

Affected Versions

Microsoft 365 Apps for Enterprise:

Version 16.0.1 and below https://aka.ms/OfficeSecurityReleases is affected.

Mar 2026: Microsoft Excel Information Disclosure VulnerabilityCVE-2026-26144 Published on March 10, 2026

Weakness Type

What is a XSS Vulnerability?

Products Associated with CVE-2026-26144

Affected Versions

Mar 2026: Microsoft Excel Information Disclosure Vulnerability
CVE-2026-26144 Published on March 10, 2026