A remote code execution vulnerability (CVE-2026-44823) has been identified in Microsoft Excel for Mac. An attacker exploiting this flaw could execute arbitrary code on an affected system, potentially gaining full control. Only users running Microsoft Office on macOS are affected; other Office platforms do not require action.

Security Architect’s Take: Ensure all macOS endpoints in your organisation running Microsoft Office are patched immediately via your MDM or patch management tooling. Verify compliance through your endpoint management platform and confirm no exemptions exist for privileged users or developer machines running Office for Mac.

Original advisory: CVE-2026-44823 Microsoft Excel Remote Code Execution Vulnerability