Home

CVE-2026-26144

Description

Improper neutralization of input during web page generation (cross-site scripting) in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

Risk Information

Base Score
4.7
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.093

Associated Vulnerability

VulnerabilityOS Platform
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Monthly Enterprise Channel for x64 2602 of version(19725.20170)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Monthly Enterprise Channel for x86 version 2602 (19725.20170)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Monthly Enterprise Channel for x64 2602 of version(19725.20170)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Monthly Enterprise Channel for x86 version 2602 (19725.20170)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2019 for x64 1808 of volume version(10417.20108)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2019 for x86 1808 of volume version(10417.20108)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Current Channel for x64 2602 of version(19725.20172)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Current Channel for x86 2602 of version(19725.20172)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Current Channel for x64 2602 of version(19725.20172)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Current Channel for x86 2602 of version(19725.20172)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2021 for x64 2602 of Retail Version(19725.20172)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2021 for x86 2602 of Retail Version(19725.20172)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2024 for x86 2602 of Retail Version(19725.20172)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2024 for x64 2602 of Retail Version(19725.20172)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2021 for x64 2108 of volume version(14334.20570)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2021 for x86 2108 of volume version(14334.20570)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2024 for x64 2408 of volume version(17932.20700)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2024 for x86 2408 of volume version(17932.20700)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Semi Annual Channel for x64 2508 of version(19127.20570)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Semi Annual Channel for x86 2508 of version(19127.20570)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Channel for x64 2508 of version(19127.20570)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Channel for x86 2508 of version(19127.20570)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-43634Update for Microsoft 365 Apps for Monthly Enterprise Channel for x64 2602 of version(19725.20170)
PATCH-43636Update for Microsoft 365 Apps for Monthly Enterprise Channel for x86 version 2602 (19725.20170)
PATCH-43638Update for Microsoft 365 Apps for Business Monthly Enterprise Channel for x64 2602 of version(19725.20170)
PATCH-43640Update for Microsoft 365 Apps for Business Monthly Enterprise Channel for x86 version 2602 (19725.20170)
PATCH-43650Update for Office 2019 for x64 1808 of volume version(10417.20108)
PATCH-43652Update for Office 2019 for x86 1808 of volume version(10417.20108)
PATCH-43626Update for Microsoft 365 Apps for Business Current Channel for x64 2602 of version(19725.20172)
PATCH-43628Update for Microsoft 365 Apps for Business Current Channel for x86 2602 of version(19725.20172)
PATCH-43630Update for Microsoft 365 Apps for Enterprise Current Channel for x64 2602 of version(19725.20172)
PATCH-43632Update for Microsoft 365 Apps for Enterprise Current Channel for x86 2602 of version(19725.20172)
PATCH-43658Update for Office 2021 for x64 2602 of Retail Version(19725.20172)
PATCH-43660Update for Office 2021 for x86 2602 of Retail Version(19725.20172)
PATCH-43666Update for Office 2024 for x86 2602 of Retail Version(19725.20172)
PATCH-43668Update for Office 2024 for x64 2602 of Retail Version(19725.20172)
PATCH-43654Update for Office 2021 for x64 2108 of volume version(14334.20570)
PATCH-43656Update for Office 2021 for x86 2108 of volume version(14334.20570)
PATCH-43662Update for Office 2024 for x64 2408 of volume version(17932.20700)
PATCH-43664Update for Office 2024 for x86 2408 of volume version(17932.20700)
PATCH-43642Update for Microsoft 365 Apps for Business Semi Annual Channel for x64 2508 of version(19127.20570)
PATCH-43644Update for Microsoft 365 Apps for Business Semi Annual Channel for x86 2508 of version(19127.20570)
PATCH-43646Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x64 2508 of version(19127.20570)
PATCH-43648Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x86 2508 of version(19127.20570)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234