CVE-2026-21509

Published Jan 26, 2026

Last updated 13 days ago

Overview

Description
Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.
Source
secure@microsoft.com
NVD status
Analyzed
Products
365_apps, office, office_long_term_servicing_channel

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Microsoft Office Security Feature Bypass Vulnerability
Exploit added on
Jan 26, 2026
Exploit action due
Feb 16, 2026
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

secure@microsoft.com
CWE-807

Social media

Hype score
Not currently trending
  1. Top 5 Trending CVEs: 1 - CVE-2025-43300 2 - CVE-2026-20952 3 - CVE-2026-25253 4 - CVE-2025-26399 5 - CVE-2026-21509 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    9 Feb 2026

    54 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

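  2. [Must-read for IT departments] Office files can infect you just by being viewed. Vulnerabilities in SolarWinds and Office (CVE-2025-40551, CVE-2026-21509) are being exploited, creating a risk of AD takeover. "Disabling macros" will not prevent this. 👇 https://t.co/CvTYL87kX6 #Mb_S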

    @sec_mb

    8 Feb 2026

    72 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Top 5 Trending CVEs: 1 - CVE-2025-55241 2 - CVE-2022-26766 3 - CVE-2026-1731 4 - CVE-2026-20817 5 - CVE-2026-21509 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    8 Feb 2026

    130 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Top 5 Trending CVEs: 1 - CVE-2026-21509 2 - CVE-2025-55182 3 - CVE-2025-6978 4 - CVE-2025-8088 5 - CVE-2025-62203 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    6 Feb 2026

    128 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Top 5 Trending CVEs: 1 - CVE-2026-21509 2 - CVE-2026-20805 3 - CVE-2024-3094 4 - CVE-2024-1234 5 - CVE-2010-5139 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    3 Feb 2026

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Top 5 Trending CVEs: 1 - CVE-2026-21509 2 - CVE-2026-22812 3 - CVE-2026-0755 4 - CVE-2025-43529 5 - CVE-2026-1281 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    2 Feb 2026

    192 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 CISA Adds Exploited Microsoft Office, Linux Kernel, Telnetd, and SmarterMail Flaws to KEV — Feb 16 Patch Deadline CISA added five vulnerabilities (CVE-2026-21509, CVE-2018-14634, CVE-2026-24061, CVE-2025-52691, CVE-2026-23760) to the KEV catalog, requiring U.S. federal

    @ThreatSynop

    29 Jan 2026

    155 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. SIGNALS WEEKLY: KEV speedrun of the week 🏁: Office CVE-2026-21509 + WinRAR CVE-2025-8088. Patch anyway… then protect sessions 🍪 (Teams QR/callback lures 📱, SSO/SAML token abuse). Read/subscribe: https://t.co/0CAdwlm8Fb #AlphaHunt #KEV #WinRAR #Office https://t.co

    @alphahunt_io

    28 Jan 2026

    96 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

Configurations