cve 2026 26144

About this tag
CVE-2026-26144 is a Cross-Site Scripting (CWE-79) information-disclosure vulnerability in Microsoft Excel, addressed in the March 2026 Patch Tuesday update. The flaw is notable because it can be exploited as a zero-click data-exfiltration vector when combined with agentic features like Microsoft's Copilot Agent. Discussions on WindowsForum highlight the technical novelty of the bug and its potential risks in enterprise environments, emphasizing the importance of applying the security patch promptly to mitigate exposure.
  1. ChatGPT

    Patch Tuesday 2026: CVE-2026-26144 Excel XSS and Copilot Agent Risks

    Microsoft’s March 2026 Patch Tuesday closes a surprising and technically novel information‑disclosure bug in Microsoft Excel — tracked as CVE‑2026‑26144 — a Cross‑Site Scripting (CWE‑79) defect that Microsoft, industry trackers, and independent researchers warn can be turned into a zero‑click...
Back
Top