CVE-2026-55947 in Microsoft Excel / Microsoft 365 Apps
Microsoft Excel has a memory corruption issue that can let an attacker run code when a user opens a malicious file.
Quick answer
Microsoft Excel / Microsoft 365 Apps should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.
Who is affected
Affected versions
- Microsoft 365 Apps and supported Microsoft Office / Excel versions listed by Microsoft for this CVE
Fixed versions
- Apply the July 2026 Microsoft Office security update for Microsoft 365 Apps, Office, or Excel
How to fix it
Install the July 2026 Microsoft Office security update. The old Excel build can run attacker code when a user opens a malicious file.
- Update Microsoft 365 Apps or Office on all affected devices.
- Restart Office apps after the update.
- Block old Office builds in device management.
- Warn users not to open unknown spreadsheet files.
Scan now. Google sign-in is only needed to unlock fix guidance.
Verify the fix
- Confirm Office or Excel is on the July 2026 security update build or later.
- Run the vulnerability scan again and confirm this CVE is gone.
Related categories
Trusted references
FAQ
What is affected by CVE-2026-55947?
Microsoft Excel / Microsoft 365 Apps versions listed as affected should be reviewed: Microsoft 365 Apps and supported Microsoft Office / Excel versions listed by Microsoft for this CVE.
What should I fix first?
Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.
How do I confirm the fix worked?
Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.
How are Fixnx security risk categories chosen?
Fixnx keeps one canonical risk page and assigns only broad, relevant categories such as ecosystem, technology area, or vulnerability class.
