CVE-2026-21509HIGH · 7.8TrackedCISA KEV

Microsoft · Office

Microsoft Office contains a security feature bypass vulnerability in which reliance on untrusted inputs in a security decision in Microsoft Office could allow an unauthorized attacker to bypass a security feature locally. Some of the impacted product(s) could be end-of-life (EoL) and/or end-of-service (EoS). Users are advised to discontinue use and/or transition to a supported version.

Disclosed

2026-01-26

134 days ago

Status

no honeypot capture yet

on CISA KEV — watching

7-day events

across 0 distinct IPs

7-day spread

0 ASN · 0 cty

0 active days

Top ASNs

No events captured yet.

Top countries

No events captured yet.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509
https://nvd.nist.gov/vuln/detail/CVE-2026-21509

↗ NVD ↗ CISA KEV ↗ Search analyses