Vulnerability in Microsoft 365 Apps For Enterprise
CVE-2026-55024
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVSS v3 metric
CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Microsoft 365 Apps For Enterprise — versions 16.0.1
- Microsoft Excel 2016 — versions 16.0.0.0
- Microsoft Office 2019 — versions 19.0.0
- Microsoft Office 365 For Mac — versions 1.0.0
- Microsoft Office Ltsc 2021 — versions 16.0.1
- Microsoft Office Ltsc 2024 — versions 16.0.0
- Microsoft Office Ltsc For Mac 2021 — versions 16.0.1
- Microsoft Office Ltsc For Mac 2024 — versions 16.0.0
- Microsoft Office Online Server — versions 16.0.0.0
Weakness classification (CWE)
References
- secure@microsoft.com (vendor-advisory, patch)
Frequently asked questions
- What is CVE-2026-55024?
- CVE-2026-55024 is a high-severity vulnerability in Microsoft 365 Apps For Enterprise, classified under Access of Resource Using Incompatible Type (Type Confusion). CVSS score: 7.8/10. Published 2026-07-14.
- How severe is CVE-2026-55024?
- High severity. CVSS v3 base score is 7.8 out of 10.