CVE-2026-21509
Published Jan 26, 2026
Last updated 4 months ago
AI description
CVE-2026-21509 is a security feature bypass vulnerability affecting various versions of Microsoft Office, including Office 2016, Office 2019, Office LTSC 2021, Office LTSC 2024, and Microsoft 365 Apps for Enterprise. This flaw allows attackers to circumvent built-in Object Linking and Embedding (OLE) security protections by exploiting how Office processes untrusted inputs during security decisions. The vulnerability enables malicious embedded objects to evade safeguards designed to prevent unsafe content processing or execution. Exploitation of CVE-2026-21509 typically occurs when a user opens a specially crafted Office document, often delivered via phishing emails. This can lead to the bypass of OLE mitigations, allowing for the execution of vulnerable COM/OLE controls that would otherwise be restricted. The vulnerability was actively exploited as a zero-day prior to the release of emergency out-of-band patches by Microsoft.
- Description
- Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- 365_apps, office, office_long_term_servicing_channel
CVSS 3.1
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Microsoft Office Security Feature Bypass Vulnerability
- Exploit added on
- Jan 26, 2026
- Exploit action due
- Feb 16, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-807
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
4
Malicious RTF + CVE-2026-21509. Sample was seen at VT from Bangladesh. MD5: CE372134D65709FD83596F411AF5F88B C2: freefoodaid[.]com https://t.co/pKwTJ1TXBf
@askardyuss
24 May 2026
1903 Impressions
4 Retweets
29 Likes
15 Bookmarks
0 Replies
0 Quotes
The following vulnerabilities have been added to our feed: - CVE-2026-21509: Microsoft Office Word RCE - CVE-2025-38352: Linux Kernel LPE - 0DAY-2026-0004: SmarterMail LPE https://t.co/Nw6eZdt4CA
@crowdfense
16 Apr 2026
455 Impressions
1 Retweet
4 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 Threat Alert: Pawn Storm PRISMEX Offensive Against NATO Logistics 📅 Date: Report date: 2026-04-01 (campaign activity observed since Sept 2025; escalation Jan 2026) 📆 Timeline: Active since Sept 2025; infra staged ~2 weeks before CVE-2026-21509 disclosure (domains
@syedaquib77
1 Apr 2026
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-27363 2 - CVE-2026-21509 3 - CVE-2026-25253 4 - CVE-2025-10891 5 - CVE-2025-64328 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
2 Mar 2026
157 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-0625 2 - CVE-2016-4655 3 - CVE-2025-27363 4 - CVE-2026-28515 5 - CVE-2026-21509 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
1 Mar 2026
195 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-2441 2 - CVE-2026-25253 3 - CVE-2026-1731 4 - CVE-2026-21509 5 - CVE-2025-32756 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
22 Feb 2026
142 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-6218 2 - CVE-2025-52464 3 - CVE-2026-21509 4 - CVE-2026-20817 5 - CVE-2026-1731 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
20 Feb 2026
104 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-43300 2 - CVE-2026-20952 3 - CVE-2026-25253 4 - CVE-2025-26399 5 - CVE-2026-21509 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
9 Feb 2026
134 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
【情シス必読】Officeファイルは「見るだけ」で感染します。 SolarWindsとOfficeの脆弱性(CVE-2025-40551、CVE-2026-21509)が悪用されAD乗っ取りの危機です。「マクロ無効化」では防げません。👇 https://t.co/CvTYL87kX6 #Mb_S
@sec_mb
8 Feb 2026
93 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-55241 2 - CVE-2022-26766 3 - CVE-2026-1731 4 - CVE-2026-20817 5 - CVE-2026-21509 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
8 Feb 2026
130 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-21509 2 - CVE-2025-55182 3 - CVE-2025-6978 4 - CVE-2025-8088 5 - CVE-2025-62203 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
6 Feb 2026
128 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-21509 2 - CVE-2026-20805 3 - CVE-2024-3094 4 - CVE-2024-1234 5 - CVE-2010-5139 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
3 Feb 2026
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-21509 2 - CVE-2026-22812 3 - CVE-2026-0755 4 - CVE-2025-43529 5 - CVE-2026-1281 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
2 Feb 2026
192 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA Adds Exploited Microsoft Office, Linux Kernel, Telnetd, and SmarterMail Flaws to KEV — Feb 16 Patch Deadline CISA added five vulnerabilities (CVE-2026-21509, CVE-2018-14634, CVE-2026-24061, CVE-2025-52691, CVE-2026-23760) to the KEV catalog, requiring U.S. federal
@ThreatSynop
29 Jan 2026
155 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SIGNALS WEEKLY: KEV speedrun of the week 🏁: Office CVE-2026-21509 + WinRAR CVE-2025-8088. Patch anyway… then protect sessions 🍪 (Teams QR/callback lures 📱, SSO/SAML token abuse). Read/subscribe: https://t.co/0CAdwlm8Fb #AlphaHunt #KEV #WinRAR #Office https://t.co
@alphahunt_io
28 Jan 2026
96 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*",
"matchCriteriaId": "3259EBFE-AE2D-48B8-BE9A-E22BBDB31378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*",
"matchCriteriaId": "CD25F492-9272-4836-832C-8439EBE64CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*",
"matchCriteriaId": "72324216-4EB3-4243-A007-FEF3133C7DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*",
"matchCriteriaId": "0FBB0E61-7997-4F26-9C07-54912D3F1C10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*",
"matchCriteriaId": "CF5DDD09-902E-4881-98D0-CB896333B4AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*",
"matchCriteriaId": "26A3B226-5D7C-4556-9350-5222DC8EFC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x64:*",
"matchCriteriaId": "851BAC4E-9965-4F40-9A6C-B73D9004F4C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x86:*",
"matchCriteriaId": "23B2FA23-76F4-4D83-A718-B8D04D7EA37B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*",
"matchCriteriaId": "D31E509A-0B2E-4B41-88C4-0099E800AFE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*",
"matchCriteriaId": "017A7041-BEF1-4E4E-AC8A-EFC6AFEB01FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]