CVE-2026-21509
Published Jan 26, 2026
Last updated a month ago
- Description
- Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- 365_apps, office, office_long_term_servicing_channel
CVSS 3.1
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Microsoft Office Security Feature Bypass Vulnerability
- Exploit added on
- Jan 26, 2026
- Exploit action due
- Feb 16, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-807
- Hype score
- Not currently trending
Top 5 Trending CVEs: 1 - CVE-2025-27363 2 - CVE-2026-21509 3 - CVE-2026-25253 4 - CVE-2025-10891 5 - CVE-2025-64328 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
2 Mar 2026
157 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-0625 2 - CVE-2016-4655 3 - CVE-2025-27363 4 - CVE-2026-28515 5 - CVE-2026-21509 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
1 Mar 2026
195 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-2441 2 - CVE-2026-25253 3 - CVE-2026-1731 4 - CVE-2026-21509 5 - CVE-2025-32756 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
22 Feb 2026
142 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-6218 2 - CVE-2025-52464 3 - CVE-2026-21509 4 - CVE-2026-20817 5 - CVE-2026-1731 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
20 Feb 2026
104 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-43300 2 - CVE-2026-20952 3 - CVE-2026-25253 4 - CVE-2025-26399 5 - CVE-2026-21509 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
9 Feb 2026
134 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
【情シス必読】Officeファイルは「見るだけ」で感染します。 SolarWindsとOfficeの脆弱性(CVE-2025-40551、CVE-2026-21509)が悪用されAD乗っ取りの危機です。「マクロ無効化」では防げません。👇 https://t.co/CvTYL87kX6 #Mb_S
@sec_mb
8 Feb 2026
93 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-55241 2 - CVE-2022-26766 3 - CVE-2026-1731 4 - CVE-2026-20817 5 - CVE-2026-21509 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
8 Feb 2026
130 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-21509 2 - CVE-2025-55182 3 - CVE-2025-6978 4 - CVE-2025-8088 5 - CVE-2025-62203 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
6 Feb 2026
128 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-21509 2 - CVE-2026-20805 3 - CVE-2024-3094 4 - CVE-2024-1234 5 - CVE-2010-5139 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
3 Feb 2026
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-21509 2 - CVE-2026-22812 3 - CVE-2026-0755 4 - CVE-2025-43529 5 - CVE-2026-1281 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
2 Feb 2026
192 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA Adds Exploited Microsoft Office, Linux Kernel, Telnetd, and SmarterMail Flaws to KEV — Feb 16 Patch Deadline CISA added five vulnerabilities (CVE-2026-21509, CVE-2018-14634, CVE-2026-24061, CVE-2025-52691, CVE-2026-23760) to the KEV catalog, requiring U.S. federal
@ThreatSynop
29 Jan 2026
155 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SIGNALS WEEKLY: KEV speedrun of the week 🏁: Office CVE-2026-21509 + WinRAR CVE-2025-8088. Patch anyway… then protect sessions 🍪 (Teams QR/callback lures 📱, SSO/SAML token abuse). Read/subscribe: https://t.co/0CAdwlm8Fb #AlphaHunt #KEV #WinRAR #Office https://t.co
@alphahunt_io
28 Jan 2026
96 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*",
"matchCriteriaId": "3259EBFE-AE2D-48B8-BE9A-E22BBDB31378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*",
"matchCriteriaId": "CD25F492-9272-4836-832C-8439EBE64CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*",
"matchCriteriaId": "72324216-4EB3-4243-A007-FEF3133C7DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*",
"matchCriteriaId": "0FBB0E61-7997-4F26-9C07-54912D3F1C10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*",
"matchCriteriaId": "CF5DDD09-902E-4881-98D0-CB896333B4AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*",
"matchCriteriaId": "26A3B226-5D7C-4556-9350-5222DC8EFC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x64:*",
"matchCriteriaId": "851BAC4E-9965-4F40-9A6C-B73D9004F4C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x86:*",
"matchCriteriaId": "23B2FA23-76F4-4D83-A718-B8D04D7EA37B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*",
"matchCriteriaId": "D31E509A-0B2E-4B41-88C4-0099E800AFE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*",
"matchCriteriaId": "017A7041-BEF1-4E4E-AC8A-EFC6AFEB01FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]