#VU126255 Out-of-bounds read in Microsoft products - CVE-2026-32188
Published: April 16, 2026
Vulnerability identifier: #VU126255
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-32188
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Office Online Server
Microsoft Office
Microsoft Excel
Microsoft 365 Apps for Enterprise
Microsoft Office LTSC
Office Online Server
Microsoft Office
Microsoft Excel
Microsoft 365 Apps for Enterprise
Microsoft Office LTSC
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Microsoft Excel. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.
Remediation
Install updates from vendor's website.