← Back

CVE-2026-21509

nvd nist
Published: Jan 26, 2026Modified: Feb 11, 2026CISA KEV

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: secure@microsoft.com (Secondary)

Description

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

Affected (10)

Microsoft
3 products
365 Apps
Office
Office Long Term Servicing Channel
Configuration A
10 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
365 Apps
All versions
365 Apps
All versions
Microsoft
Office
Version 2016
Office
Version 2016
Office
Version 2019
Office
Version 2019
Microsoft
Office Long Term Servicing Channel
Version 2021
Office Long Term Servicing Channel
Version 2021
Office Long Term Servicing Channel
Version 2024
Office Long Term Servicing Channel
Version 2024

Related CWEs

CWE-807
Reliance on Untrusted Inputs in a Security Decision
The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.

References (4)

Source: secure@microsoft.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationThird Party Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.