CVE-2026-44818
Analyzed
Analyzed - Analysis Complete
Integer Underflow in Microsoft Office Excel Leads to Code Execution
Vulnerability report for CVE-2026-44818, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-06-09
Last updated on: 2026-06-19
Assigner: Microsoft Corporation
Description
Description
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | office_online_server | * |
| microsoft | 365_apps | * |
| microsoft | 365_apps | * |
| microsoft | excel | 2016 |
| microsoft | excel | 2016 |
| microsoft | office_2019 | * |
| microsoft | office_2019 | * |
| microsoft | microsoft_365 | * |
| microsoft | office_2021 | * |
| microsoft | office_2021 | * |
| microsoft | office_2021 | * |
| microsoft | office_2024 | * |
| microsoft | office_2024 | * |
| microsoft | office_2024 | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-362 | The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. |
