You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2026 26112
About this tag
CVE-2026-26112 is a Microsoft Excel Remote Code Execution vulnerability disclosed in March 2026. While the advisory labels it as remote code execution, the CVSS v3.1 vector records Attack Vector as Local (AV:L), which has caused confusion among security teams. This tag covers discussions explaining why these descriptions are not contradictory, including breakdowns of CVSS metrics, realistic attack scenarios, and practical mitigation, detection, and risk-management guidance for administrators and security teams. The content focuses on clarifying the vulnerability's nature and providing actionable steps for defenders.
Microsoft's March 2026 advisory for CVE-2026-26112 calls the flaw a “Microsoft Excel Remote Code Execution Vulnerability”, and that short label has left many defenders scratching their heads because the published CVSS v3.1 vector for the same entry records Attack Vector = Local (AV:L). This...