7.8
CVE-2026-21509
- EPSS 72.15%
- Veröffentlicht 26.01.2026 17:06:35
- Zuletzt bearbeitet 25.06.2026 05:16:53
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Microsoft Office Security Feature Bypass Vulnerability
Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Office Long Term Servicing Channel Version2021 SwPlatform- HwPlatformx64
Microsoft ≫ Office Long Term Servicing Channel Version2021 SwPlatform- HwPlatformx86
Microsoft ≫ Office Long Term Servicing Channel Version2024 SwPlatform- HwPlatformx64
Microsoft ≫ Office Long Term Servicing Channel Version2024 SwPlatform- HwPlatformx86
VulnDex Vulnerability Enrichment
26.01.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog
Microsoft Office Security Feature Bypass Vulnerability
SchwachstelleMicrosoft Office contains a security feature bypass vulnerability in which reliance on untrusted inputs in a security decision in Microsoft Office could allow an unauthorized attacker to bypass a security feature locally.
BeschreibungApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 72.15% | 0.994 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secure@microsoft.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-807 Reliance on Untrusted Inputs in a Security Decision
The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21509
https://www.vicarius.io/vsociety/posts/cve-2026-21509-detection-script-microsoft-office-security-feature-bypass-vulnerability
https://www.vicarius.io/vsociety/posts/cve-2026-21509-mitigation-script-microsoft-office-security-feature-bypass-vulnerability