Changeflow GovPing Vulnerability Alerts Microsoft Office Vulnerability Advisory CVE-202...
Priority review Notice Added Final

Microsoft Office Vulnerability Advisory CVE-2026-26133

Favicon for www.cert.ssi.gouv.fr CERT-FR Security Advisories
Published March 13th, 2026
Detected March 13th, 2026
Email

Summary

The French National Cybersecurity Agency (ANSSI) has issued an advisory regarding a vulnerability (CVE-2026-26133) in Microsoft Office applications. The vulnerability could lead to data confidentiality breaches.

View original document View source feed page

What changed

The French National Cybersecurity Agency (ANSSI) has released an advisory (CERTFR-2026-AVI-0294) detailing a vulnerability, CVE-2026-26133, affecting various versions of Microsoft Office applications on Android, iOS, and Mac platforms. This vulnerability poses a risk of data confidentiality breaches.

Affected entities, primarily technology companies and their users, are advised to refer to Microsoft's security bulletin for patch information. While no specific compliance deadline is provided, prompt application of security updates is crucial to mitigate the risk of data compromise.

What to do next

  1. Review affected Microsoft Office applications for installed versions.
  2. Apply security patches and updates provided by Microsoft as per CVE-2026-26133.
  3. Monitor for further guidance from Microsoft and ANSSI regarding this vulnerability.

Source document (simplified)

Premier Ministre S.G.D.S.N

Agence nationale
de la sécurité des
systèmes d'information

Paris, le 13 mars 2026 N° CERTFR-2026-AVI-0294 Affaire suivie par: CERT-FR

Avis du CERT-FR

Objet: Vulnérabilité dans Microsoft Office

Gestion du document

| Référence | CERTFR-2026-AVI-0294 |
| Titre | Vulnérabilité dans Microsoft Office |
| Date de la première version | 13 mars 2026 |
| Date de la dernière version | 13 mars 2026 |
| Source(s) | Bulletin de sécurité Microsoft Office CVE-2026-26133 du 12 mars 2026 |
Une gestion de version détaillée se trouve à la fin de ce document.

Risque

  • Atteinte à la confidentialité des données

Systèmes affectés

  • Microsoft 365 Copilot pour Android versions antérieures à 16.0.19815.10000
  • Microsoft 365 Copilot pour iOS versions antérieures à 2.107.2
  • Microsoft Excel pour Android versions antérieures à 16.0.19822.20038
  • Microsoft Excel pour iOS versions antérieures à 2.106.26020617
  • Microsoft OneNote pour Android versions antérieures à 16.0.19725.20142
  • Microsoft OneNote pour iOS versions antérieures à 2.106.26020617
  • Microsoft Outlook pour Android versions antérieures à 5.2605
  • Microsoft Outlook pour iOS versions antérieures à 5.2605
  • Microsoft Outlook pour Mac versions antérieures à 5.2605
  • Microsoft PowerPoint pour Android versions antérieures à 16.0.19822.20038
  • Microsoft PowerPoint pour iOS versions antérieures à 2.106.26020617
  • Microsoft Word pour Android versions antérieures à 16.0.19822.20038
  • Microsoft Word pour iOS versions antérieures à 2.106.26020617

Résumé

Une vulnérabilité a été découverte dans Microsoft Office. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Documentation

Gestion détaillée du document

  1. le 13 mars 2026 Version initiale

Related changes

Favicon for www.gov.uk Export Licence Transmission Issue Resolved
Routine Mar 14, 2026 ECJU Notices to Exporters Trade & Export
Favicon for www.gov.uk Humanitarian Assistance Exception Notification for Petroleum Products
Priority review Mar 13, 2026 OFSI All Publications Trade & Export
Favicon for www.apra.gov.au APRA Releases Quarterly ADI Statistics for December 2025
Routine Mar 13, 2026 news-and-publications Government
Favicon for www.cisa.gov CISA Adds Two Exploited Vulnerabilities to KEV Catalog
Priority review Mar 13, 2026 CISA ICS-CERT Advisories Government
Favicon for www.cisa.gov CISA: Ignition Software Vulnerable to Code Execution
Priority review Mar 13, 2026 CISA ICS-CERT Advisories Government
Favicon for www.gao.gov GAO Report on DOD Cybersecurity Maturity Model Certification Program
Priority review Mar 13, 2026 GAO Reports & Testimonies Government Accountability

Source

Favicon for www.cert.ssi.gouv.fr
CERT-FR Security Advisories cert.ssi.gouv.fr/avis
Vulnerability Alerts
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
Various
Published
March 13th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive

Who this affects

Applies to
Technology companies
Geographic scope
INT

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Topics
Product Safety Data Privacy

Browse Categories

Federal Courts 26 State Courts 91 Securities Regulation 6 Financial Regulation 43 Consumer Protection 5 Drug Safety 45 Data Protection 21 Competition 2 Attorneys General 3 Insurance Regulation 5 Trade & Export 36 Legislation 42 Energy Regulation 13 Environment 3 Labor & Employment 2 Tax 1

Get Vulnerability Alerts alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when CERT-FR Security Advisories publishes new changes.

Free. Unsubscribe anytime.