PatchSiren cyber security CVE debrief
CVE-2026-55046 Microsoft CVE debrief
CVE-2026-55046 is an out-of-bounds read vulnerability in Microsoft Office Excel. The CVE record was published on 2026-07-14T18:18:16.353Z and has not been modified since then. The NVD entry is currently Analyzed. The vulnerability affects multiple versions of Microsoft Office, including Office 2016, Office 2019, Office 2021, and Office 2024. Users of Microsoft Office Excel should be aware of this vulnerability and take steps to mitigate it. The vulnerability allows an unauthorized attacker to disclose information locally.
- Vendor
- Microsoft
- Product
- Microsoft 365 Apps for Enterprise
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-14
- Original CVE updated
- 2026-07-16
- Advisory published
- 2026-07-14
- Advisory updated
- 2026-07-16
Who should care
Users of Microsoft Office Excel, particularly those in organizations that use the software, should be aware of this vulnerability and take steps to mitigate it. This includes administrators, security teams, and IT personnel responsible for maintaining and securing Microsoft Office installations. Additionally, individuals who use Microsoft Office Excel in their personal or professional capacity should also be aware of the vulnerability and take steps to protect themselves.
Technical summary
The vulnerability is an out-of-bounds read in Microsoft Office Excel, which allows an unauthorized attacker to disclose information locally. The CVSS score is 5.5 and the severity is MEDIUM. The vulnerability affects multiple versions of Microsoft Office, including Office 2016, Office 2019, Office 2021, and Office 2024. The vendor has provided a patch for the vulnerability, which should be applied as soon as possible.
Defensive priority
Medium priority
Recommended defensive actions
- Apply the patch from Microsoft
- Inventory and verify affected systems
- Monitor for suspicious activity
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
Evidence notes
The CVE record and NVD detail provide information on the vulnerability. The vendor advisory provides a patch for the vulnerability. Users should verify affected systems and apply the patch. The vulnerability allows an unauthorized attacker to disclose information locally. There is no evidence of exploitation in the wild. The vendor has provided a patch for the vulnerability, which should be applied as soon as possible. The NVD entry is currently Analyzed.
Official resources
-
CVE-2026-55046 CVE record
CVE.org
-
CVE-2026-55046 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Patch, Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T18:18:16.353Z and has not been modified since then. The NVD entry is currently Analyzed.