Microsoft Office Online Server
86 CVEs affecting Microsoft Office Online Server. Latest disclosed: 2026-05-12. Critical: 0, High: 76.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-26109 | High | 8.4 | 2026-03-10 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
CVE-2025-59236 | High | 8.4 | 2025-10-14 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
CVE-2025-49697 | High | 8.4 | 2025-07-08 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. |
CVE-2025-21362 | High | 8.4 | 2025-01-14 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2025-21354 | High | 8.4 | 2025-01-14 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2026-40362 | High | 7.8 | 2026-05-12 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
CVE-2026-40360 | High | 7.8 | 2026-05-12 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. |
CVE-2026-40359 | High | 7.8 | 2026-05-12 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
CVE-2026-32199 | High | 7.8 | 2026-04-14 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
CVE-2026-32198 | High | 7.8 | 2026-04-14 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
CVE-2026-32197 | High | 7.8 | 2026-04-14 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
CVE-2026-32189 | High | 7.8 | 2026-04-14 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
CVE-2026-26108 | High | 7.8 | 2026-03-10 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
CVE-2026-26107 | High | 7.8 | 2026-03-10 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
CVE-2026-26112 | High | 7.8 | 2026-03-10 | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
CVE-2026-21259 | High | 7.8 | 2026-02-10 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally. |
CVE-2026-20957 | High | 7.8 | 2026-01-13 | Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
CVE-2026-20950 | High | 7.8 | 2026-01-13 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
CVE-2026-20955 | High | 7.8 | 2026-01-13 | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
CVE-2025-62560 | High | 7.8 | 2025-12-09 | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |