CVE-2026-26144

Name of the Vulnerable Software and Affected Versions Microsoft Excel (affected versions not specified)

Description A flaw exists in Microsoft Excel that could allow an attacker to disclose information over a network. The issue involves improper neutralization of input during web page generation, specifically a cross-site scripting condition. This flaw can be exploited through the Copilot Agent to exfiltrate data. The vulnerability is present when previewing a file.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.