CVE-2026-21511

high Microsoft
CVSS v3 Base Score
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Published: February 10, 2026
Last Modified: March 13, 2026
Vendor: Microsoft
Source: MITRE

Description

Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

CWE

CWE-502

Affected Products

Microsoft Microsoft 365 Apps for EnterpriseMicrosoft Microsoft Office 2019Microsoft Microsoft Office LTSC 2021Microsoft Microsoft Office LTSC 2024Microsoft Microsoft Office LTSC for Mac 2021Microsoft Microsoft Office LTSC for Mac 2024Microsoft Microsoft SharePoint Enterprise Server 2016Microsoft Microsoft SharePoint Server 2019Microsoft Microsoft SharePoint Server Subscription EditionMicrosoft Microsoft Word 2016

References

🔗 msrc.microsoft.com