CVE-2026-21260

high

Microsoft

CVSS v3 Base Score

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

Published: February 10, 2026

Last Modified: March 13, 2026

Vendor: Microsoft

Source: MITRE

Description

Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

CWE

CWE-200

Affected Products

Microsoft Microsoft 365 Apps for EnterpriseMicrosoft Microsoft Office 2019Microsoft Microsoft Office LTSC 2021Microsoft Microsoft Office LTSC 2024Microsoft Microsoft Outlook 2016Microsoft Microsoft SharePoint Enterprise Server 2016Microsoft Microsoft SharePoint Server 2019Microsoft Microsoft SharePoint Server Subscription Edition

References

🔗 msrc.microsoft.com

CVE-2026-21260

Vulnerability Report

Description

CWE

Affected Products

References