cve 2026-44817

CVE-2026-44817 is an Important-rated remote code execution vulnerability in Microsoft Excel, disclosed by Microsoft on June 9, 2026. It affects Microsoft 365 Apps, Office 2019, Office LTSC 2021 and 2024, Office Online Server, Excel 2016, and several Mac Office editions. Although Microsoft reports no public disclosure or exploitation, the flaw is serious because it can be triggered through spreadsheet attachments, a common attack vector in enterprise environments. Administrators are urged to patch promptly to mitigate risk, as document software remains a frequent target for exploitation. The vulnerability underscores the need for rigorous update management in Office deployments.