What is CVE-2026-20957?

A high-severity vulnerability in Microsoft Office Excel allows unauthorized code execution via an integer underflow. Organizations using affected products should prioritize patching to mitigate this risk.

What is the severity of CVE-2026-20957?

CVE-2026-20957 has a severity rating of HIGH with a CVSS base score of 7.8.

CVE-2026-20957 | High Vulnerability in Microsoft Office Excel

CVE-2026-20957 is a high-severity vulnerability affecting Microsoft Office Excel. This vulnerability allows an unauthorized attacker to execute code locally due to an integer underflow (wrap or wraparound). With a CVSS score of 7.8, it poses a significant risk to organizations that utilize the affected products, particularly given its local attack vector and low complexity.

Organizations using Microsoft 365 Apps, Excel versions 2016 and onward, Office 2019, and the Office Long Term Servicing Channel are at risk. The vulnerability requires user interaction to exploit, which further emphasizes the importance of user awareness and security training.

Given the nature of this vulnerability and its potential for exploitation, organizations should prioritize patching immediately. The urgency is heightened by the potential for serious impacts on confidentiality, integrity, and availability.

Currently, there are no known exploits in the wild, but the existence of this vulnerability alone poses a risk that organizations cannot afford to ignore.

Vulnerability Details

The official description states that this vulnerability allows unauthorized code execution in Microsoft Office Excel due to an integer underflow. The vulnerability has been assigned a CVSS score of 7.8, indicating high severity. The affected products include Microsoft 365 Apps, Excel 2016, Office 2019, and various versions of the Office Long Term Servicing Channel.

The vulnerability was published on January 13, 2026, and is classified under CWE-122 and CWE-191.

Technical Analysis

The root cause of CVE-2026-20957 is an integer underflow, which can lead to unexpected behavior in the application. The attack vector is local, meaning that the attacker must have access to the vulnerable system. The attack complexity is low, and no privileges are required to exploit this vulnerability, but user interaction is necessary.

The impacts of this vulnerability are severe, with high potential impacts on confidentiality, integrity, and availability. Organizations should be aware that even local vulnerabilities can be exploited to achieve significant security breaches.

Risk & Impact Analysis

Risk to organizations includes potential unauthorized access to sensitive data and manipulation of information. The blast radius of this vulnerability extends to any system running the affected versions of Microsoft Office products.

Given the CVSS score of 7.8 and the fact that it does not appear in the Known Exploited Vulnerabilities (KEV) catalog, organizations should still treat this vulnerability with high urgency, addressing it in their immediate patch management cycle.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The following versions of Microsoft products are affected by this vulnerability: Microsoft 365 Apps (both x64 and x86), Excel 2016, Office 2019, and various iterations of the Office Long Term Servicing Channel for both 2021 and 2024.

Mitigation & Remediation

Organizations should ensure that they apply the relevant patches provided by Microsoft. For detailed information on the updates, organizations can refer to the vendor advisory on the Microsoft Security Response Center. In the absence of an immediate patch, organizations should implement workarounds that limit user interactions, thereby reducing the risk of exploitation.

Penetration testing should also be considered to validate the effectiveness of the applied patches.

Detection Guidance

Organizations should monitor logs for any unusual activity related to Microsoft Office applications, specifically those that could indicate attempts to exploit this vulnerability. Behavioral anomalies in user interactions with Excel and Office products may also serve as indicators of exploitation.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2026-20957 lies in its potential to highlight weaknesses in local application security, particularly for widely used software like Microsoft Excel. Security teams should take this opportunity to reassess their defenses against local vulnerabilities.

This vulnerability also indicates a trend where local exploitation is becoming increasingly relevant, requiring organizations to implement robust training and awareness for users.

For further insights into vulnerability management strategies, organizations may refer to the vulnerability management program design and its importance in mitigating risks effectively.

Additionally, understanding the penetration testing methodology will further enhance an organization's ability to defend against similar vulnerabilities.

As organizations prepare for future threats, they should also evaluate their overall security posture and consider continuous improvement practices.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2026-20957: High Vulnerability in Microsoft Office Excel