CVE-2026-26144 is a critical-severity information disclosure vulnerability in Microsoft Excel that exploits a cross-site scripting flaw to cause Copilot Agent to exfiltrate data via unintended network egress, enabling a zero-click information disclosure attack. This is not a theoretical concern buried in fine print; it is a practical pathway for attackers to steal sensitive corporate data without any user clicking, opening, or interacting with a malicious file.
The mechanics reveal why security teams should treat this seriously. The bug requires network access to exploit, but no user interaction or privilege escalation. An attacker simply needs to craft a spreadsheet containing a cross-site scripting payload, position it where Copilot can access it, and the AI agent does the work automatically, pulling confidential information across the network.
Information disclosure vulnerabilities are especially dangerous in corporate environments where Excel files often contain financial data, intellectual property, or operational records; if exploited, attackers could silently extract confidential information from internal systems without triggering obvious alerts. For organisations storing sensitive strategic or financial details in spreadsheets, the risk is not hypothetical.
A Symptom of Deeper Vulnerabilities
The Excel flaw is not the only critical threat in this month's security patch. Two critical Office remote code execution bugs (CVE-2026-26110 and CVE-2026-26113) can be triggered via the Preview Pane, meaning a user may not need to fully open a malicious file for an attacker to exploit the system; CVE-2026-26110 is a type confusion flaw in Microsoft Office that allows a remote attacker to execute code locally. An employee glancing at a document preview, a normal part of modern email workflows, could hand an attacker control of their system.
CVE-2026-26113 is caused by an untrusted pointer dereference flaw in Microsoft Office, which allows remote attackers to execute code locally; the issue occurs when Microsoft Office improperly handles memory pointers, potentially allowing an attacker to manipulate how the application accesses memory.
What makes these vulnerabilities particularly concerning is that they represent a broader pattern: as traditional security boundaries grow stronger, attackers are finding new angles. AI-integrated tools like Copilot have expanded Microsoft Office's functionality, but they have also introduced new data pathways that security teams are still learning to defend.
A Quiet Patch Tuesday, But Not Without Urgency
Microsoft patched 83 CVEs in its March 2026 Patch Tuesday release, eight rated critical and 75 rated important. By recent standards, this is a relatively calm month. Two Microsoft bugs were listed as publicly known but not exploited at the time of disclosure. CVE-2026-26127 is an out-of-bounds read in .NET that allows an unauthorized attacker to cause a denial of service over a network; despite the public disclosure, Microsoft deems exploitation unlikely. CVE-2026-21262 is an improper access control flaw in SQL Server that allows an authorized attacker to elevate privileges over a network; Microsoft rates this one as less likely to be exploited in the wild.
None of the vulnerabilities are under active exploitation. This is the first Patch Tuesday in six months without known active zero-day attacks, a relief for IT teams who have faced relentless pressure since February's release of six exploited zero-days.
However, the absence of active exploitation should not breed complacency. Security researchers are explicit about where the danger lies. The Excel-Copilot vulnerability and the Preview Pane code execution flaws represent attack vectors that attackers will weaponise when the time is right. The sooner organisations patch, the narrower the window for adversaries to prepare exploits.
The Broader Conversation About AI Security
The CVE-2026-26144 disclosure highlights a tension at the heart of modern enterprise software. Organisations demand AI features to boost productivity. They want Copilot to analyse data, draft documents, and run intelligent workflows. But every new capability introduces new security surface. One of the primary concerns with Microsoft Copilot is its potential for over-permissioning, which can lead to unintended data access across an organisation; as a generative AI tool, Copilot aggregates data from Microsoft 365, potentially creating vulnerabilities if permissions aren't carefully restricted.
Earlier this year, researchers discovered a previous zero-click vulnerability in Microsoft 365 Copilot, called EchoLeak, that exploited the same fundamental design pattern: AI agents with broad access to enterprise data and the ability to take autonomous action. That flaw was patched server-side in May 2025 without requiring customer action. This month's Excel flaw follows a similar playbook.
The pattern suggests that as AI agents become more autonomous and integrated into enterprise workflows, the security industry is still playing catch-up. Vendors are responding to discovered vulnerabilities, but the underlying design choices that enable these flaws are baked into how modern AI tools operate.
What Organisations Should Do Now
The Microsoft Security Response Center has released official guidance. The most pragmatic approach is methodical deployment: test patches in non-production environments first, prioritise the critical flaws (especially the Excel and Office Preview Pane bugs), and monitor for any compatibility issues before rolling out enterprise-wide.
For organisations concerned about the Copilot-specific risk, there are interim measures until the fix is applied: restrict outbound network traffic from Office applications, monitor for unusual network requests generated by Excel processes, and disable or limit Copilot Agent. These are not permanent solutions, but they reduce exposure in the window between patch release and full deployment.
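One way to put the "monitor unusual network requests from Excel processes" measure into practice, as an added example that is not from the article or from Microsoft: the script below scans constructed Sysmon-style network-connection events and flags connections from EXCEL.EXE that leave an expected egress profile. The allowlisted domain suffixes, the allowed ports and the internal network ranges are assumed placeholders; an organisation would derive them from its own traffic baseline.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample events in a simplified Sysmon Event ID 3 (network connection)
# key=value layout. They are invented for this example, not telemetry from the article.
SAMPLE_EVENTS = """\
Image=C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE DestinationHostname=graph.microsoft.com DestinationIp=20.190.160.1 DestinationPort=443
Image=C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE DestinationHostname=- DestinationIp=203.0.113.77 DestinationPort=443
Image=C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE DestinationHostname=- DestinationIp=10.20.30.40 DestinationPort=445
Image=C:\\Windows\\System32\\svchost.exe DestinationHostname=- DestinationIp=203.0.113.77 DestinationPort=443
Image=C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE DestinationHostname=files.example.net DestinationIp=198.51.100.9 DestinationPort=8080
"""

# Assumed placeholders: an organisation would derive these from its own baseline.
ALLOWED_SUFFIXES = ("microsoft.com", "office.com", "office365.com")
ALLOWED_PORTS = {80, 443}
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_event(line):
    """Turn one key=value event line into a dict; values may contain spaces."""
    return dict(re.findall(r"(\w+)=(.*?)(?= \w+=|$)", line))

def is_allowed_host(hostname, suffixes=ALLOWED_SUFFIXES):
    host = hostname.lower()
    return any(host == s or host.endswith("." + s) for s in suffixes)

def find_suspicious(log_text, suffixes=ALLOWED_SUFFIXES, ports=ALLOWED_PORTS):
    """Return Excel-originated connections that fall outside the expected egress profile."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if not ev.get("Image", "").lower().endswith("\\excel.exe"):
            continue  # only Excel processes are in scope for this rule
        ip = ip_address(ev["DestinationIp"])
        port = int(ev["DestinationPort"])
        host = ev.get("DestinationHostname", "-")
        reasons = []
        external = not any(ip in net for net in INTERNAL_NETS)
        if external and not is_allowed_host(host, suffixes):
            reasons.append("external destination outside allowlist")
        if port not in ports:
            reasons.append(f"unusual port {port}")
        if reasons:
            findings.append({"host": host, "ip": str(ip), "port": port, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_EVENTS):
        print(f"{f['ip']}:{f['port']} ({f['host']}) -> {', '.join(f['reasons'])}")
```

Any hit is a lead to triage against the workstation's Office and Copilot activity, not a verdict; the rule is deliberately narrow so that Microsoft 365 service traffic on standard ports does not drown out the anomalies.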
The fact that this month's Patch Tuesday includes no actively exploited vulnerabilities is genuinely valuable. It gives security teams time to plan, test, and deploy carefully rather than scrambling in crisis mode. The cost of that preparedness is discipline; the cost of skipping it is potential compromise of sensitive data or system control.
For Australian organisations especially, where data sovereignty and privacy regulations carry serious penalties, the stakes of inaction are concrete. A successful exploitation of CVE-2026-26144 could mean the silent exfiltration of confidential client data, intellectual property, or financial information, with regulatory consequences that far exceed the cost and effort of timely patching.