medium advisory

CVE-2026-40360: Microsoft Excel Out-of-Bounds Read Information Disclosure

CVE-2026-40360 is an out-of-bounds read vulnerability in Microsoft Office Excel that allows an unauthorized attacker to disclose sensitive information locally.

CVE-2026-40360 is a security vulnerability affecting Microsoft Office Excel. This out-of-bounds read vulnerability allows an unauthorized attacker to potentially disclose sensitive information locally. Exploitation of this vulnerability requires local access and user interaction as a prerequisite. This vulnerability was reported to Microsoft and assigned a CVSS base score of 7.8, indicating a high severity level. Successful exploitation results in information disclosure, though the scope of disclosure and potential impact on confidentiality is not detailed in the advisory.

Attack Chain

  1. The attacker crafts a malicious Excel file containing specific data structures designed to trigger the out-of-bounds read condition.
  2. The attacker delivers the crafted Excel file to the victim through social engineering.
  3. The victim opens the malicious Excel file using a vulnerable version of Microsoft Office Excel.
  4. Excel attempts to read data from a memory location outside the intended buffer due to the crafted file.
  5. The out-of-bounds read occurs, potentially disclosing sensitive data from adjacent memory regions.
  6. The disclosed data is then accessible to the attacker, who can analyze it for sensitive information.

Impact

Successful exploitation of CVE-2026-40360 allows an attacker to disclose information locally. The CVSS score of 7.8 suggests that, while local access and user interaction are required, the potential impact on confidentiality is high. The advisory does not specify the type or amount of information that can be disclosed or the number of potential victims, but the impact could include exposure of sensitive data within the Excel file or from other memory locations accessible to the Excel process.

Recommendation

  • Apply the security update released by Microsoft to address CVE-2026-40360 as referenced in the advisory URL.
  • Deploy the Sigma rule “Detect Excel Out-of-Bounds Read via Formula” to identify potential exploitation attempts based on formula patterns in Excel files.
  • Enable process creation logging to monitor for suspicious Excel processes as detected by the “Detect Suspicious Excel Process Creation” Sigma rule.

Detection coverage (2 rules)

Detect Excel Out-of-Bounds Read via Formula

medium

Detects CVE-2026-40360 exploitation: a suspicious Excel formula indicating a potential out-of-bounds read attempt.

Sigma rule. Tactics: discovery. Techniques: T1005. Sources: file_event, windows.

Detect Suspicious Excel Process Creation

low

Detects CVE-2026-40360 exploitation: Excel process creation with an unusual parent process or command-line arguments suggesting malicious activity.

Sigma rule. Tactics: discovery. Techniques: T1005. Sources: process_creation, windows.
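As an added illustration of the process-creation pattern the second rule describes (Excel started by an unusual parent, or with a command line pointing at an attacker-delivered document), the following Python triage runs over constructed Windows process-creation events. It is example code written for this page, not the platform's Sigma rule or Microsoft's guidance; the expected-parent allowlist (EXPECTED_PARENTS), the staging-directory indicators (STAGING_DIRS) and the sample events are assumptions chosen for illustration and should be tuned to the environment.

```python
"""Added example: triage Windows process-creation events for Excel launches
that match the advisory's second detection idea. Allowlists, indicators and
sample events are assumptions for illustration, not the page's Sigma rule."""
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Assumption: parents from which an Excel launch is normally expected.
EXPECTED_PARENTS = {"explorer.exe", "outlook.exe", "excel.exe", "protocolhandler.exe"}

# Assumption: directory fragments where delivered documents commonly land
# (temp folders, browser downloads, Outlook's attachment cache).
STAGING_DIRS = ("\\temp\\", "\\downloads\\", "\\inetcache\\")


@dataclass
class ProcessEvent:
    """Minimal shape of a process_creation event (Sysmon EID 1 / Security 4688)."""
    event_id: int
    image: str
    parent_image: str
    command_line: str


def is_excel(image: str) -> bool:
    return PureWindowsPath(image).name.lower() == "excel.exe"


def triage(event: ProcessEvent) -> list:
    """Return the reasons an Excel launch looks suspicious (empty list if none)."""
    if not is_excel(event.image):
        return []
    reasons = []
    parent = PureWindowsPath(event.parent_image).name.lower()
    if parent not in EXPECTED_PARENTS:
        reasons.append(f"unexpected parent {parent}")
    cmd = event.command_line.lower()
    if any(fragment in cmd for fragment in STAGING_DIRS):
        reasons.append("document opened from staging directory")
    return reasons


def triage_all(events) -> dict:
    """Map event_id -> reasons for every event that raised at least one reason."""
    flagged = {}
    for event in events:
        reasons = triage(event)
        if reasons:
            flagged[event.event_id] = reasons
    return flagged


EXCEL = "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE"

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    ProcessEvent(1, EXCEL, "C:\\Windows\\explorer.exe",
                 f'"{EXCEL}" "C:\\Users\\alice\\Documents\\q3.xlsx"'),
    ProcessEvent(2, EXCEL, "C:\\Windows\\System32\\cmd.exe",
                 f'"{EXCEL}" "C:\\Users\\alice\\AppData\\Local\\Temp\\invoice.xlsx"'),
    ProcessEvent(3, EXCEL, "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE",
                 f'"{EXCEL}" "C:\\Users\\alice\\AppData\\Local\\Microsoft\\Windows\\'
                 'INetCache\\Content.Outlook\\ABCD1234\\report.xlsx"'),
    ProcessEvent(4, EXCEL, "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
                 f'"{EXCEL}" "C:\\Users\\alice\\Documents\\budget.xlsx"'),
]

if __name__ == "__main__":
    for event_id, reasons in triage_all(SAMPLE_EVENTS).items():
        print(f"event {event_id}: {'; '.join(reasons)}")
```

Event 3 shows why the two signals are reported separately: an attachment opened from Outlook's cache with outlook.exe as parent is routine user behaviour and warrants a lower score than event 2, where both the parent and the document location are unusual. In practice the parent allowlist should be built from a baseline of the organisation's own telemetry rather than taken from this example.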
