Description
Protection mechanism failure in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.
Published: 2026-06-09
Score: 3.3 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability represents a protection mechanism failure in Microsoft Office Excel that enables an attacker without proper authorization to bypass a built‑in security feature when operating locally. The weakness, classified as CWE‑693, means that the application’s security controls are not adequately enforced, allowing the attacker to override or circumvent the control in question. Although the impact is limited to the local context of the affected machine, bypassing a security feature can open the door for further malicious activity such as executing unauthorized code or modifying protected documents.

Affected Systems

Microsoft Office products across Windows and macOS are affected. Specifically, Microsoft 365 Apps for Enterprise, Microsoft Office 365 for Mac, Microsoft Office LTSC 2024, Microsoft Office LTSC for Mac 2021, and Microsoft Office LTSC for Mac 2024 are listed as impacted by this vulnerability.

Risk and Exploitability

The CVSS v3.1 score of 3.3 indicates low severity overall, and an EPSS score is not currently available. The vulnerability is not listed in the CISA KEV catalog. Because it is a local issue, the attacker must have local access or the opportunity to act from within the user session. Although remote exploitation is unlikely, the vulnerability still requires remediation because it nullifies a security control that could otherwise prevent further compromise within the environment.

Generated by OpenCVE AI on June 9, 2026 at 19:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Microsoft Office cumulative update as documented on the Microsoft Update Guide website for all affected versions and platforms.
  • Disable or restrict macro usage in Excel until the update is applied to prevent exploitation of the bypassed security feature.
  • Deploy the latest Office update to all impacted devices through your organization’s patch management system to ensure complete coverage.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 17:15:00 +0000

Type | Values Removed | Values Added
Description | | Protection mechanism failure in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.
Title | | Microsoft Excel Security Feature Bypass Vulnerability
First Time appeared | | Microsoft; Microsoft 365 Apps; Microsoft office 2024; Microsoft office 365; Microsoft office Macos 2021; Microsoft office Macos 2024
Weaknesses | | CWE-693
CPEs | | cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*
 | | cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*
 | | cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*
 | | cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*
 | | cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*
Vendors & Products | | Microsoft; Microsoft 365 Apps; Microsoft office 2024; Microsoft office 365; Microsoft office Macos 2021; Microsoft office Macos 2024
References | |
Metrics | | cvssV3_1 {'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C'}


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-09T21:50:38.864Z

Reserved: 2026-05-12T16:06:43.097Z

Link: CVE-2026-45459

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-06-09T17:17:20.203

Modified: 2026-06-09T19:32:51.440

Link: CVE-2026-45459

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T21:45:05Z

Weaknesses