A reported vulnerability in Microsoft Excel allows attackers to exfiltrate sensitive data by weaponizing Excel’s Copilot integration when a malicious spreadsheet file is opened; no user interaction within Excel is required beyond opening the file. Organizations using Microsoft 365 with Copilot enabled in Excel may be potentially exposed to silent data theft from spreadsheets containing confidential business, financial, or personnel data. **CRITICAL: As of 2026-03-11, this vulnerability has not been officially confirmed by Microsoft, listed in NIST NVD, or assigned a CVE identifier. The information below is sourced from technology news outlets and has not been independently verified against official vendor advisories.** Organizations should monitor the Microsoft Security Response Center (https://msrc.microsoft.com) for official confirmation before operational escalation. Treat this as a preliminary alert pending verification.