VDB

CVE-2026-45649

CVE-2026-45649 PUBLISHED CVSS 7.1 HIGH

Reported by microsoft · Published June 9, 2026

Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally.

Risk Scores

CVSS 3.1
7.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C

Affected Products

VendorProductVersions
MicrosoftMicrosoft Excel for Android16.0.0.0
MicrosoftMicrosoft PowerPoint for Android16.0.0.0
MicrosoftMicrosoft Word for Android16.0.0.0
microsoftpowerpoint16.0.0.0, -, -
MicrosoftMicrosoft PowerPoint for Android-, -, -
microsoftexcel16.0.0.0, -, -
microsoftword-, 16.0.0.0, 16.0.0.0
MicrosoftMicrosoft Word for Android16.0.0.0, -, -
MicrosoftMicrosoft Excel for Android-, 16.0.0.0, 16.0.0.0

Timeline

  • Jun 9, 2026 CVE Published
  • Jun 10, 2026 Coalition ESS Score
  • Jun 10, 2026 Security Advisory
  • Jun 17, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›