A remote code execution vulnerability (CVE-2026-44818) has been identified in Microsoft Excel for Mac. An attacker who successfully exploits this flaw could execute arbitrary code on a victim’s machine, typically by convincing a user to open a malicious Excel file. Only users running Microsoft Office for Mac are affected; other Office platforms do not require action.

Security Architect’s Take: Ensure all macOS endpoints running Microsoft Office are patched immediately via the update released by Microsoft. If you manage a fleet of Macs through Intune or a third-party MDM solution, prioritise deploying this update and validate compliance reporting to confirm coverage before threat actors can weaponise a public proof-of-concept.

Original advisory: CVE-2026-44818 Microsoft Excel Remote Code Execution Vulnerability