CVE-2026-55899
Received Received - Intake

Microsoft Office Excel Stack-Based Buffer Overflow

Vulnerability report for CVE-2026-55899, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Microsoft Corporation

Description

Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
microsoft office_excel *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

This vulnerability could impact compliance with several standards and regulations, depending on the context of its exploitation:

  • GDPR (General Data Protection Regulation): If the vulnerability leads to unauthorized access or theft of personal data, it could result in a breach of GDPR. Organizations may face fines, legal action, or reputational damage if they fail to protect personal data adequately.
  • HIPAA (Health Insurance Portability and Accountability Act): If the affected system processes or stores protected health information (PHI), exploitation of this vulnerability could lead to a HIPAA violation. This may result in penalties, mandatory corrective actions, or audits.
  • Other standards: Compliance frameworks like ISO 27001, NIST, or PCI DSS require organizations to maintain secure systems and protect sensitive data. Failure to patch or mitigate this vulnerability could result in non-compliance, leading to potential fines or loss of certification.

Organizations should assess the risk posed by this vulnerability and take appropriate measures, such as applying patches or implementing compensating controls, to maintain compliance with relevant regulations.

Detection Guidance

The provided context does not include specific detection methods or commands for identifying the presence of CVE-2026-55899 on a network or system. Detection typically involves checking for vulnerable versions of Microsoft Office Excel or using security tools that can identify known vulnerabilities in installed software.

For accurate detection, refer to Microsoft's official guidance or use their security tools, such as Microsoft Defender for Office or the Microsoft Safety Scanner, which may include checks for this vulnerability.

Mitigation Strategies
  • Apply the latest security updates from Microsoft as soon as they are available. Refer to the Microsoft Update Guide for CVE-2026-55899 for patch details.
  • If a patch is not immediately available, consider restricting access to Microsoft Office Excel files from untrusted sources.
  • Enable protected view in Microsoft Office to help mitigate exploitation attempts via malicious files.
  • Monitor Microsoft's security advisories for additional mitigation strategies or workarounds.
Executive Summary

CVE-2026-55899 is a stack-based buffer overflow vulnerability in Microsoft Office Excel. This flaw allows an unauthorized attacker to execute arbitrary code on a victim's system locally.

A buffer overflow occurs when a program writes more data to a buffer than it can hold, causing adjacent memory to be overwritten. In this case, the vulnerability is stack-based, meaning it affects the stack memory region, which is used for function calls and local variables. An attacker could exploit this to overwrite critical memory structures and execute malicious code with the privileges of the affected application.

Impact Analysis

This vulnerability can have severe consequences if exploited. Here are the potential impacts:

  • Local code execution: An attacker could run malicious code on your system with the same permissions as the user running Excel.
  • Data theft: The attacker could access, modify, or steal sensitive data stored on your system.
  • System compromise: The attacker could install malware, create backdoors, or take control of your system.
  • Privilege escalation: If the user has administrative privileges, the attacker could gain full control over the system.

The CVSS base score of 7.8 (High severity) indicates that this vulnerability poses a significant risk, particularly if the system is not patched or mitigated.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-55899. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart