Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Mon, 01 Jun 2026 19:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
Tue, 19 May 2026 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Microsoft excel
Microsoft office Microsoft office Long Term Servicing Channel |
|
| CPEs | cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:* cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:* cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:* cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:* cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:* cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:* cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x64:* cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x86:* cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:* cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:* cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:* cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:macos:*:* cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Microsoft excel
Microsoft office Microsoft office Long Term Servicing Channel |
Wed, 13 May 2026 10:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 12 May 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Microsoft office Online Server
|
|
| Vendors & Products |
Microsoft office Online Server
|
Tue, 12 May 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |
| Title | Microsoft Excel Remote Code Execution Vulnerability | |
| First Time appeared |
Microsoft
Microsoft 365 Apps Microsoft excel 2016 Microsoft office 2019 Microsoft office 2021 Microsoft office 2024 Microsoft office Macos 2021 Microsoft office Macos 2024 |
|
| Weaknesses | CWE-122 | |
| CPEs | cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:* cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:* cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:* cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:* cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:* cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:* cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:* cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:* |
|
| Vendors & Products |
Microsoft
Microsoft 365 Apps Microsoft excel 2016 Microsoft office 2019 Microsoft office 2021 Microsoft office 2024 Microsoft office Macos 2021 Microsoft office Macos 2024 |
|
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
Status: PUBLISHED
Assigner: microsoft
Published:
Updated: 2026-06-19T16:12:51.494Z
Reserved: 2026-04-11T23:06:15.614Z
Link: CVE-2026-40362
Updated: 2026-05-13T09:58:59.562Z
Status : Modified
Published: 2026-05-12T18:17:15.077
Modified: 2026-06-17T10:45:11.243
Link: CVE-2026-40362
No data.
OpenCVE Enrichment
Updated: 2026-06-01T21:45:22Z