CVE-2026-21509
Microsoft Office Security Feature Bypass Vulnerability
CVSS
—
Sin CVSS
EPSS
72.2%
p99
KEV
SÍ
26 ene 2026
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
Microsoft / Office
Vulnerabilidad
Microsoft Office Security Feature Bypass Vulnerability
Añadido a KEV
26 ene 2026
Remediar antes de
16 feb 2026
Uso conocido en ransomware
No
Descripción resumida
Microsoft Office contains a security feature bypass vulnerability in which reliance on untrusted inputs in a security decision in Microsoft Office could allow an unauthorized attacker to bypass a security feature locally. Some of the impacted product(s) could be end-of-life (EoL) and/or end-of-service (EoS). Users are advised to discontinue use and/or transition to a supported version.
Acción requerida
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notas
Please adhere to Microsoft’s recommended guidelines to address this vulnerability. Implement all final mitigations provided by the vendor for Office 2021, and apply the interim corresponding mitigations for Office 2016 and Office 2019 until the final patch becomes available. For more information please see: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21509