You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2026 26144
About this tag
CVE-2026-26144 is a Cross-Site Scripting (CWE-79) information-disclosure vulnerability in Microsoft Excel, addressed in the March 2026 Patch Tuesday update. The flaw is notable because it can be exploited as a zero-click data-exfiltration vector when combined with agentic features like Microsoft's Copilot Agent. Discussions on WindowsForum highlight the technical novelty of the bug and its potential risks in enterprise environments, emphasizing the importance of applying the security patch promptly to mitigate exposure.
Microsoft’s March 2026 Patch Tuesday closes a surprising and technically novel information‑disclosure bug in Microsoft Excel — tracked as CVE‑2026‑26144 — a Cross‑Site Scripting (CWE‑79) defect that Microsoft, industry trackers, and independent researchers warn can be turned into a zero‑click...