CVE-2026-45649

HIGH7.1

JSON export Create alert

Description

Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

E

Unchanged

RL

O

RC

Changed

Affected products

Microsoft / Microsoft Excel for Android16.0.0.0 – 16.0.20131.20024
Microsoft / Microsoft PowerPoint for Android16.0.0.0 – 16.0.20131.20024
Microsoft / Microsoft Word for Android16.0.0.0 – 16.0.20131.20024

References

VENDOR_ADVISORYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45649