{"cve_id":"CVE-2026-21509","summary":"Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.06578,"ranking_epss":0.91108,"kev":true,"propose_action":"Microsoft Office contains a security feature bypass vulnerability in which reliance on untrusted inputs in a security decision in Microsoft Office could allow an unauthorized attacker to bypass a security feature locally. Some of the impacted product(s) could be end-of-life (EoL) and/or end-of-service (EoS). Users are advised to discontinue use and/or transition to a supported version.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509","https://www.vicarius.io/vsociety/posts/cve-2026-21509-detection-script-microsoft-office-security-feature-bypass-vulnerability","https://www.vicarius.io/vsociety/posts/cve-2026-21509-mitigation-script-microsoft-office-security-feature-bypass-vulnerability","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21509"],"published_time":"2026-01-26T18:16:38","cpes":["cpe:2.3:a:microsoft:365_apps:-","cpe:2.3:a:microsoft:office:2016","cpe:2.3:a:microsoft:office:2019","cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021","cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024"]}