PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-55046 Microsoft CVE debrief

CVE-2026-55046 is an out-of-bounds read vulnerability in Microsoft Office Excel. The CVE record was published on 2026-07-14T18:18:16.353Z and has not been modified since then. The NVD entry is currently Analyzed. The vulnerability affects multiple versions of Microsoft Office, including Office 2016, Office 2019, Office 2021, and Office 2024. Users of Microsoft Office Excel should be aware of this vulnerability and take steps to mitigate it. The vulnerability allows an unauthorized attacker to disclose information locally.

Vendor
Microsoft
Product
Microsoft 365 Apps for Enterprise
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-14
Original CVE updated
2026-07-16
Advisory published
2026-07-14
Advisory updated
2026-07-16

Who should care

Users of Microsoft Office Excel, particularly those in organizations that use the software, should be aware of this vulnerability and take steps to mitigate it. This includes administrators, security teams, and IT personnel responsible for maintaining and securing Microsoft Office installations. Additionally, individuals who use Microsoft Office Excel in their personal or professional capacity should also be aware of the vulnerability and take steps to protect themselves.

Technical summary

The vulnerability is an out-of-bounds read in Microsoft Office Excel, which allows an unauthorized attacker to disclose information locally. The CVSS score is 5.5 and the severity is MEDIUM. The vulnerability affects multiple versions of Microsoft Office, including Office 2016, Office 2019, Office 2021, and Office 2024. The vendor has provided a patch for the vulnerability, which should be applied as soon as possible.

Defensive priority

Medium priority

Recommended defensive actions

  • Apply the patch from Microsoft
  • Inventory and verify affected systems
  • Monitor for suspicious activity
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review

Evidence notes

The CVE record and NVD detail provide information on the vulnerability. The vendor advisory provides a patch for the vulnerability. Users should verify affected systems and apply the patch. The vulnerability allows an unauthorized attacker to disclose information locally. There is no evidence of exploitation in the wild. The vendor has provided a patch for the vulnerability, which should be applied as soon as possible. The NVD entry is currently Analyzed.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T18:18:16.353Z and has not been modified since then. The NVD entry is currently Analyzed.