CVE-2026-21509
high
Microsoft
⚠️ CISA KEV — Exploited in the Wild
CVSS v3 Base Score
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
⚠️ CISA Known Exploited Vulnerability
Added to KEV: 2026-01-26
Remediation Due: 2026-02-16
Vulnerability Report
Generated by CyberWatcher
Description
Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.
CWE
CWE-807Affected Products
microsoft 365 appsmicrosoft officemicrosoft office long term servicing channel