CVE-2026-21509

🗓️ 26 Jan 2026 17:06:35Reported by microsoftType

cve🔗 web.nvd.nist.gov📰️ 47 Media mentions👁 472 Views

CVE-2026-21509 is a Microsoft Office security feature bypass vulnerability.

Reporter	Title	Published	Views	Family All 45
GithubExploit	Exploit for CVE-2026-21509	27 Jan 202609:26	–	githubexploit
GithubExploit	Exploit for CVE-2026-21509	27 Jan 202613:56	–	githubexploit
GithubExploit	Exploit for Reliance on Untrusted Inputs in a Security Decision in Microsoft	4 Feb 202614:13	–	githubexploit
GithubExploit	Exploit for Reliance on Untrusted Inputs in a Security Decision in Microsoft	29 Jan 202600:51	–	githubexploit
GithubExploit	Exploit for Reliance on Untrusted Inputs in a Security Decision in Microsoft	31 Jan 202604:52	–	githubexploit
GithubExploit	Exploit for Reliance on Untrusted Inputs in a Security Decision in Microsoft	12 Mar 202618:59	–	githubexploit
GithubExploit	Exploit for Reliance on Untrusted Inputs in a Security Decision in Microsoft	1 Feb 202617:31	–	githubexploit
GithubExploit	cve-2026-poc-collection	21 May 202615:15	–	githubexploit
GithubExploit	Exploit for Reliance on Untrusted Inputs in a Security Decision in Microsoft	1 Mar 202617:00	–	githubexploit
GithubExploit	Exploit for Reliance on Untrusted Inputs in a Security Decision in Microsoft	28 Jan 202620:23	–	githubexploit

NVD

Vulners

CNA

Node

microsoft 365_appsMatch-enterprisex64

microsoft 365_appsMatch-enterprisex86

microsoft officeMatch2016x64

microsoft officeMatch2016x86

microsoft officeMatch2019x64

microsoft officeMatch2019x86

microsoft office_long_term_servicing_channelMatch2021-x64

microsoft office_long_term_servicing_channelMatch2021-x86

microsoft office_long_term_servicing_channelMatch2024-x64

microsoft office_long_term_servicing_channelMatch2024-x86

[
  {
    "vendor": "Microsoft",
    "product": "Microsoft 365 Apps for Enterprise",
    "platforms": [
      "32-bit Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "16.0.1",
        "lessThan": "https://aka.ms/OfficeSecurityReleases",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Office 2016",
    "platforms": [
      "32-bit Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "16.0.0",
        "lessThan": "16.0.5539.1001",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Office 2019",
    "platforms": [
      "32-bit Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "19.0.0",
        "lessThan": "16.0.10417.20095",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Office LTSC 2021",
    "platforms": [
      "32-bit Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "16.0.1",
        "lessThan": "https://aka.ms/OfficeSecurityReleases",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Office LTSC 2024",
    "platforms": [
      "32-bit Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "16.0.0",
        "lessThan": "https://aka.ms/OfficeSecurityReleases",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]

Source	Link
msrc	www.msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog
vicarius	www.vicarius.io/vsociety/posts/cve-2026-21509-detection-script-microsoft-office-security-feature-bypass-vulnerability
vicarius	www.vicarius.io/vsociety/posts/cve-2026-21509-mitigation-script-microsoft-office-security-feature-bypass-vulnerability

17 Jun 2026 10:18Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.17.8

EPSS0.72152

SSVC