CVE-2026-26144 Microsoft — Exploit & Vulnerability Details HIGH

Parameter	Value
CVSS	7.5 (HIGH)
Type	CWE-79 (Cross-Site Scripting (XSS) (Межсайтовый скриптинг))
Vendor	Microsoft
Public PoC	No

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

Attack Parameters

Attack Vector

Network

Атака возможна удалённо

Attack Complexity

Low

Легко эксплуатировать

Privileges Required

None

Права не нужны

User Interaction

None

Не нужно действие пользователя

Impact Assessment

Confidentiality

High

Полная утечка данных

Integrity

None

Нет модификации данных

Availability

None

Нет нарушения работы

CVSS Vector v3.1

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS) (Межсайтовый скриптинг)

References 1

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26144

secure@microsoft.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-26123

Microsoft

5.5

CVE-2026-26134

Microsoft

7.8

CVE-2026-26114

Microsoft

8.8

CVE-2026-26113

Microsoft

8.4

CVE-2026-26112

Microsoft

7.8

Menu

CVE-2026-26144

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-26123

CVE-2026-26134

CVE-2026-26114

CVE-2026-26113

CVE-2026-26112

CVE Details

Editor's Choice

Menu

CVE-2026-26144

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-26123

CVE-2026-26134

CVE-2026-26114

CVE-2026-26113

CVE-2026-26112

CVE Details

Editor's Choice

Stay informed on cybersecurity