HarborGuard Database
CVE-2026-44822 | Severity: HIGH | CNA: microsoft

CVE-2026-44822: Microsoft Excel Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

Metrics

CVSS v3.1 base score: 8.2
Severity: HIGH
Fixed in: 16.0.5556.1001 (Microsoft Excel 2016); 16.0.10417.20137 (Office Online Server); other product lines: see https://aka.ms/OfficeSecurityReleases
Affected products: 9


HarborGuard Analysis

Synopsis

CVE-2026-44822 is an out-of-bounds read in Microsoft Excel. The published CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:N) characterizes it as reachable over the network by an unauthenticated attacker with no user interaction, and the impact is High confidentiality (C:H, disclosure of process memory) with Low integrity (I:L) and no availability impact (A:N), giving a base score of 8.2. The temporal metrics carried by the same vector (E:U/RL:O/RC:C) state that no exploit had been demonstrated at publication, that an official fix exists, and that the report is confirmed. Patched-image rebuilds are available on HarborGuard at 16.0.5556.1001 (Microsoft Excel 2016) and 16.0.10417.20137 (Office Online Server); the other affected product lines are fixed through the builds listed on the Microsoft Office Security Releases page rather than a single version number.

HarborGuard Coverage

Detection: Available

Detection for CVE-2026-44822 is active across every HarborGuard environment: the CVE is matched against images in customer registries and build pipelines within minutes of its publication in upstream feeds, including custom-built images that bundle affected Excel or Office components.

Triage: Available

HarborGuard scores this CVE at CVSS 8.2 (HIGH), applies per-environment compliance-policy weighting to determine urgency, and routes the finding to the appropriate team inbox within each customer organization.

Patch: Available

A patched-image rebuild targeting 16.0.5556.1001 (Microsoft Excel 2016) and 16.0.10417.20137 (Office Online Server) becomes available on HarborGuard once the upstream fix is confirmed for each affected product line. For customers who opt into auto-remediation, HarborGuard runs a rebuild plus regression test and opens a PR against affected workloads automatically.

Exploit Conditions

  • Network reachability: Required

    The attacker must be able to reach the affected component over the network; the CVSS vector (AV:N) assumes no local or physical access. Of the listed affected products, Office Online Server is the network-facing service; the desktop Office and Excel builds are listed as affected as well, so both installed clients and server deployments need the fix.

  • Authentication: Not required

    No credentials of any privilege level are needed; the vector specifies PR:N.

  • Victim interaction: Not required

    The vector specifies UI:N: no action by a user of the affected software is needed for exploitation.

  • Attack complexity: Low

    AC:L means that no conditions outside the attacker's control (winning a race, knowing a memory layout, a particular configuration) are required. It is a statement about preconditions, not about exploit availability; the temporal metric E:U in the same vector records that no working exploit had been demonstrated when the score was published.

Blast Radius

  • An attacker reads contents of the Excel process memory (C:H). What that memory holds depends on the deployment, but it may include in-memory spreadsheet data, formulas, and, for a server-side deployment, credentials or session material belonging to other users' documents.
  • The vector includes a Low integrity impact (I:L), meaning an attacker can also make limited modifications to data the process handles.
  • Availability is not impacted (A:N): an out-of-bounds read does not crash the process, so uptime or crash monitoring will not surface exploitation. Detection has to rely on patch-level inventory of the affected products and on inspection of the documents the service is asked to process.

How HarborGuard Handles This

Available on HarborGuard: detection for this CVE is active against every scanned image that bundles an affected Microsoft Excel or Office component.

Fix references by product line: for Microsoft Excel 2016 the fix version is 16.0.5556.1001; for Office Online Server it is 16.0.10417.20137; for Microsoft 365 Apps for Enterprise, Office 2019, Office LTSC 2021, and Office LTSC 2024 the advisory points to the Microsoft Office Security Releases page (https://aka.ms/OfficeSecurityReleases) rather than a single build number, so the installed build must be checked against that page for the relevant update channel. For the Mac variants (Office 365 for Mac, Office LTSC for Mac 2021 and 2024) the advisory lists no fix version at all; HarborGuard re-checks the advisory each ingest cycle and will make a patched rebuild available once upstream publishes a concrete version.

Where compliance policy permits, HarborGuard can trigger a patched-image rebuild, run regression tests against the rebuilt image, and open a pull request against affected workloads. For customers who opt into auto-remediation, the median time from CVE publication to a merged patch PR for high-severity issues is around 90 minutes.

Until the fix is applied, use network policy to restrict which hosts can reach the network-facing affected product (Office Online Server is the server-side component in the affected list), and review egress filtering so that a process whose memory can be read cannot also be used to move that data out of the environment.


Fix available

  • 16.0.5556.1001 (Microsoft Excel 2016)
  • 16.0.10417.20137 (Office Online Server)
  • https://aka.ms/OfficeSecurityReleases (Microsoft 365 Apps for Enterprise, Office 2019, Office LTSC 2021, Office LTSC 2024)
Affected packages
  • Microsoft / Microsoft 365 Apps for Enterprise
    < https://aka.ms/OfficeSecurityReleases (from 16.0.1)
  • Microsoft / Microsoft Excel 2016
    < 16.0.5556.1001 (from 16.0.0.0)
  • Microsoft / Microsoft Office 2019
    < https://aka.ms/OfficeSecurityReleases (from 19.0.0)
  • Microsoft / Microsoft Office 365 for Mac
    -
  • Microsoft / Microsoft Office LTSC 2021
    < https://aka.ms/OfficeSecurityReleases (from 16.0.1)
  • Microsoft / Microsoft Office LTSC 2024
    < https://aka.ms/OfficeSecurityReleases (from 16.0.0)
  • Microsoft / Microsoft Office LTSC for Mac 2021
    -
  • Microsoft / Microsoft Office LTSC for Mac 2024
    -
  • Microsoft / Office Online Server
    < 16.0.10417.20137 (from 16.0.0.0)
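The list above mixes three kinds of entry: a concrete fixed build, a URL standing in for a build, and "-" where the advisory publishes no range at all. A checker that treats the URL as a version, or silently skips the "-" entries, reports hosts as fixed that are not. The following is an added example, not HarborGuard's code or feed format: it parses the list in the notation printed above, transcribed into the script, and classifies an installed build against it, returning a separate status for the cases where no build-number comparison is possible. The host names and installed builds in the main block are constructed sample data. One caveat the data itself shows: the lower bound given for Office 2019 is 19.0.0, while an installed Office 2019 reports builds in the 16.0 line, so a purely numeric check against that bound classifies every Office 2019 host as below the range; match on product identity first and treat that entry's bound as informational.

```python
"""Build-range checker for this page's affected-package list (added example,
not HarborGuard's code). Parses the list's own notation, in which the upper
bound is either a fixed build number or, where the advisory gives no build,
a URL, and the Mac entries carry no range at all."""
import re

# Affected-package entries transcribed from this page: product -> range text.
PAGE_RANGES = {
    "Microsoft 365 Apps for Enterprise": "< https://aka.ms/OfficeSecurityReleases (from 16.0.1)",
    "Microsoft Excel 2016": "< 16.0.5556.1001 (from 16.0.0.0)",
    "Microsoft Office 2019": "< https://aka.ms/OfficeSecurityReleases (from 19.0.0)",
    "Microsoft Office 365 for Mac": "-",
    "Microsoft Office LTSC 2021": "< https://aka.ms/OfficeSecurityReleases (from 16.0.1)",
    "Microsoft Office LTSC 2024": "< https://aka.ms/OfficeSecurityReleases (from 16.0.0)",
    "Microsoft Office LTSC for Mac 2021": "-",
    "Microsoft Office LTSC for Mac 2024": "-",
    "Office Online Server": "< 16.0.10417.20137 (from 16.0.0.0)",
}

BUILD_RE = re.compile(r"^[0-9]+(?:\.[0-9]+)*$")
RANGE_RE = re.compile(r"^<\s*(\S+)\s*\(from\s+([0-9.]+)\)$")


def parse_build(text):
    """'16.0.5556.1001' -> (16, 0, 5556, 1001); tuples compare component-wise."""
    text = text.strip()
    if not BUILD_RE.match(text):
        raise ValueError("not a dotted build number: %r" % text)
    return tuple(int(p) for p in text.split("."))


def parse_range(text):
    """Parse one range cell. Returns None for '-' (no range published); otherwise a
    dict with 'from' (build tuple) and either 'fix' (build tuple) or 'ref' (URL)."""
    text = text.strip()
    if text == "-":
        return None
    m = RANGE_RE.match(text)
    if not m:
        raise ValueError("unrecognised range syntax: %r" % text)
    upper, lower = m.group(1), m.group(2)
    if BUILD_RE.match(upper):
        return {"from": parse_build(lower), "fix": parse_build(upper), "ref": None}
    # The feed put the advisory URL where a build number would go: there is no
    # concrete fixed build to compare against, only a page to consult.
    return {"from": parse_build(lower), "fix": None, "ref": upper}


def assess(product, installed):
    """Classify an installed build: 'not_listed', 'no_range', 'below_range',
    'affected', 'fixed' or 'verify_manually' (fix known only by reference)."""
    if product not in PAGE_RANGES:
        return "not_listed"
    rng = parse_range(PAGE_RANGES[product])
    if rng is None:
        return "no_range"          # Mac entries: treat as affected until a build is published
    build = parse_build(installed)
    if build < rng["from"]:
        return "below_range"       # see the Office 2019 caveat: its bound is 19.0.0, builds are 16.0.x
    if rng["fix"] is None:
        return "verify_manually"   # compare the channel's build against rng["ref"] by hand
    return "fixed" if build >= rng["fix"] else "affected"


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts and builds, not real data).
    inventory = [
        ("excel-2016-ws01", "Microsoft Excel 2016", "16.0.5500.1000"),
        ("oos-frontend-1", "Office Online Server", "16.0.10417.20137"),
        ("ltsc2021-ws07", "Microsoft Office LTSC 2021", "16.0.14332.20000"),
        ("mac-design-03", "Microsoft Office 365 for Mac", "16.80"),
    ]
    for host, product, build in inventory:
        print("%-16s %-34s %-18s %s" % (host, product, build, assess(product, build)))
```

The statuses that matter operationally are "verify_manually" and "no_range": both mean the feed cannot prove the host is fixed, and a report that collapses them into "fixed" or drops them hides exactly the hosts that still need the Office Security Releases page checked by hand.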
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C