PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45469 Microsoft CVE debrief

CVE-2026-45469 is a HIGH severity vulnerability in Microsoft Office Excel, allowing unauthorized attackers to execute code locally via an integer underflow (wrap or wraparound). The vulnerability has a CVSS score of 7.8 and was published on 2026-06-09T17:17:21.460Z. The vulnerability affects various versions of Microsoft Office, including Office 2016, Office 2019, Office 2021, and Office 2024, as well as Microsoft 365 Apps.

Vendor
Microsoft
Product
Microsoft 365 Apps for Enterprise
CVSS
HIGH 7.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-09
Original CVE updated
2026-06-11
Advisory published
2026-06-09
Advisory updated
2026-06-11

Who should care

Users of Microsoft Office Excel, particularly those using vulnerable versions, should apply patches or mitigations to prevent local code execution by unauthorized attackers.

Technical summary

The vulnerability is caused by an integer underflow (wrap or wraparound) in Microsoft Office Excel. This allows an attacker to execute code locally without requiring user interaction (UI:R). The vulnerability has a CVSS vector of CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Defensive priority

HIGH

Recommended defensive actions

  • Apply patches or updates from Microsoft to vulnerable versions of Microsoft Office Excel.
  • Use secure configurations and best practices for Microsoft Office applications.
  • Monitor for suspicious activity and implement additional security measures as needed.

Evidence notes

The vulnerability is described in the CVE record (resourceLinkAnnotations: cve-org) and detailed in the NVD database (resourceLinkAnnotations: nvd). Microsoft has provided a vendor advisory (resourceLinkAnnotations: ref-4) for this vulnerability.

Official resources

CVE-2026-45469 was published on 2026-06-09T17:17:21.460Z and modified on 2026-06-11T18:37:56.337Z.