PatchSiren cyber security CVE debrief
CVE-2026-44822 Microsoft CVE debrief
CVE-2026-44822 is a high-severity vulnerability in Microsoft Office Excel that can be exploited by an unauthorized attacker to disclose sensitive information over a network. The vulnerability has a CVSS score of 8.2 and is classified as CWE-125.
- Vendor
- Microsoft
- Product
- Microsoft 365 Apps for Enterprise
- CVSS
- HIGH 8.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-11
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-11
Who should care
Users of Microsoft Office Excel, particularly those using vulnerable versions, should apply patches or mitigations to prevent exploitation.
Technical summary
The vulnerability is an out-of-bounds read issue in Microsoft Office Excel, which can be exploited by an attacker to disclose information over a network. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N.
Defensive priority
High
Recommended defensive actions
- Apply patches or updates provided by Microsoft to vulnerable versions of Microsoft Office Excel.
- Refer to the vendor advisory at resourceLinkAnnotations with id 'ref-4' for additional mitigation or remediation guidance.
Evidence notes
The CVE record and NVD detail pages provide additional information about the vulnerability, including affected products and versions.
Official resources
-
CVE-2026-44822 CVE record
CVE.org
-
CVE-2026-44822 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
CVE-2026-44822 was published on 2026-06-09T17:17:18.580Z and modified on 2026-06-11T18:38:11.490Z.