Excel repair strips all formulas from large .xlsm after March 2026 security update (KB5002849)

Hi everyone,

I'm a master's student at Karolinska Institutet in Stockholm. My thesis is a health economic cost-effectiveness model built entirely in Excel — a gender-neutral static Markov cohort model with 34 worksheets. The file has become completely unusable after what I believe is the March 2026 security update, and I'm running out of options.

The file:

- .xlsm, ~46.5 MB compressed, ~370 MB uncompressed XML

- 34 worksheets, four of which are 73–92 MB each (Markov trace sheets)

- ~65,000 formulas, ~33,500 shared formulas

- Heavy use of LET, LAMBDA, XLOOKUP, XMATCH, CHOOSECOLS, TAKE, MAP, SWITCH

- 771 defined names including ~147 hidden _xlpm.* LET/LAMBDA variable placeholders

- Stored on OneDrive via KI SharePoint, 34,000+ AutoSave revisions

- Contains VBA (vbaProject.bin)

The problem:

Every time I open the file — on Excel for Mac or Excel Online — the repair engine triggers and strips ALL formulas from every sheet, replacing them with cached values. The file shrinks from ~46.5 MB to ~26 MB. Clicking "No" on the repair dialog just closes the file. There is no way to bypass the repair.

What I've verified:

- Extracted the .xlsm as a ZIP and confirmed all formulas (<f> tags) are fully intact in the raw XML

- Libr€Office Calc can read the formulas but cannot execute them (Err:508 — no LET/LAMBDA support)

- Removed 158 broken named ranges (#REF! and #NAME? entries) from workbook.xml and rebuilt the archive — repair engine still strips all formulas

- The issue reproduces on every OneDrive version history copy (up until I largely used LET formulas in my sheets - but there is still 1,5months of changes lost)

- The issue reproduces on both Excel for Mac and Excel Online

Suspected cause:

The March 10, 2026 security update (KB5002849) patched CVE-2026-26108, a heap overflow in Excel's file parsing during loading. The same patch was applied to Office Online Server (KB5002846). I believe the tightened parsing now rejects or flags my file's large XML structures as potentially malicious, triggering the repair engine to strip all formulas. This is consistent with:

- The known _xlfn. namespace bug on Excel for Mac (reported by multiple users on Microsoft Q&A since late 2024)

- The timing - the file was working before this update flawlessly up until March 16th

- The fact that Excel Online is also affected (same server-side patch)

My questions to the community:

1. Has anyone else experienced formula stripping on large workbooks after the March 2026 update?

2. Is there a way to bypass the repair engine on Mac, or roll back the specific security patch without downgrading all of Office?

3. Would opening this file on Windows Excel (pre-patch or current) preserve the formulas? If anyone with a Windows PC would be willing to try opening and re-saving this file, I would be incredibly grateful.

4. Is there now effectively a size/complexity ceiling for Excel workbooks that makes models like this unviable? If so - should I be migrating this to another environment (R, Python, etc.) going forward?

This file represents six months of thesis work. The formulas are all there in the XML. I just need Excel to stop destroying them on open.

Any help, pointers, or similar experiences would be hugely appreciated.

Thank you,

Florian Boschek