Security Updates for Microsoft Excel Products C2R (January 2026)

The Microsoft Excel Products are missing a security update. It is, therefore, affected by the following vulnerabilities: - Multiple remote code execution vulnerabilities that attackers can exploit to bypass authentication and execute unauthorized arbitrary commands. CVE-2026-20946, CVE-2026-20950...

CVE-2026-20956

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

CVE-2026-20957

Integer underflow wrap or wraparound in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

CVE-2026-20955

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

CVE-2026-20949

Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally...

CVE-2026-20957 Microsoft Excel Remote Code Execution Vulnerability

...

CVE-2026-20957 Microsoft Excel Remote Code Execution Vulnerability

...

CVE-2026-20957

CVE-2026-20957 is a Microsoft Excel/Office vulnerability caused by an integer underflow in Excel that could allow an attacker to execute code locally. The issue affects Microsoft Excel components across Office products (including Excel on Office Online Server and Excel 2016) and is documented as ...

CVE-2026-20949 Microsoft Excel Security Feature Bypass Vulnerability

...

CVE-2026-20950 Microsoft Excel Remote Code Execution Vulnerability

...

CVE-2026-20950

CVE-2026-20950 is a Microsoft Excel remote code execution vulnerability reported as a use-after-free in Excel affecting Office/Excel components. Exploitation would allow an attacker to execute code locally on a vulnerable system. Multiple connected sources confirm Excel is affected and that updat...

CVE-2026-20949

CVE-2026-20949 is a Microsoft Excel/Office security feature bypass vulnerability described as an improper access control issue that could allow a local attacker to bypass a security feature. Multiple sources (NVD, MSRC, CNVD, EUVD) consistently identify Excel as affected and classify the impact a...

CVE-2026-20950 Microsoft Excel Remote Code Execution Vulnerability

...

CVE-2026-20949 Microsoft Excel Security Feature Bypass Vulnerability

...

CVE-2026-20956

CVE-2026-20956 is a Microsoft Excel remote code execution vulnerability caused by an untrusted pointer dereference in Excel. Affected: Microsoft Excel/Office components, with user interaction required for exploitation on a local fault. Public advisories and multiple CVE lists corroborate Excel as...

CVE-2026-20956 Microsoft Excel Remote Code Execution Vulnerability

...

CVE-2026-20956

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

CVE-2026-20956 Microsoft Excel Remote Code Execution Vulnerability

...

CVE-2026-20955 Microsoft Excel Remote Code Execution Vulnerability

...

CVE-2026-20955

CVE-2026-20955 is a Microsoft Excel remote code execution vulnerability described as an untrusted pointer dereference in Excel within the Microsoft Office suite. The CVE is cited across multiple feeds (MSRC, EUVD/ENISA, CNVD, CNNVD, CIRCL) as affecting Excel and enabling a local attacker to run c...