Vulnerability-Lookup

CVE-2026-21514 (GCVE-0-2026-21514)

Vulnerability from cvelistv5 – Published: 2026-02-10 17:51 – Updated: 2026-05-11 21:25

CISA KEV KEVintel KEV

Title

Microsoft Word Security Feature Bypass Vulnerability

Summary

Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

SSVC

Exploitation: active Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-807 - Reliance on Untrusted Inputs in a Security Decision

Assigner

microsoft

References

2 references

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch
https://www.cisa.gov/known-exploited-vulnerabilit…	government-resource

Impacted products

5 products

Vendor	Product	Version
Microsoft	Microsoft 365 Apps for Enterprise	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC 2021	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC 2024	Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC for Mac 2021	Affected: 16.0.1 , < 16.106.26020821 (custom)
Microsoft	Microsoft Office LTSC for Mac 2024	Affected: 16.0.0 , < 16.106.26020821 (custom)

Date Public

2026-02-10 16:00

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: ce6a01c5-06b3-4a88-879e-291082c9b83a

Vulnerability ID: CVE-2026-21514

Status: Confirmed

Status Updated: 2026-02-10 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2026-02-10

Asserted: 2026-02-10

Scope

Notes: KEV entry: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability | Affected: Microsoft / Office | Description: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21514

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details

Cwes	CWE-807
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	Office
Due Date	2026-03-03
Date Added	2026-02-10
Vendorproject	Microsoft
Vulnerabilityname	Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
Knownransomwarecampaignuse	Unknown

References

CVE-2026-21514

Created: 2026-02-11 06:19 UTC | Updated: 2026-02-11 06:19 UTC

KEVintel KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: a9690fd6-f296-41f6-95d7-dc50d39f7d73

Vulnerability ID: CVE-2026-21514

Status: Confirmed

Status Updated: 2026-06-01 10:50 UTC

Exploited: Yes

Timestamps

First Seen: 2026-06-01

Asserted: 2026-06-01

Scope

Notes: KEVIntel entry: Microsoft Word Security Feature Bypass Vulnerability | Affected: Microsoft / Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024, Microsoft Office LTSC for Mac 2021, Microsoft Office LTSC for Mac 2024 | CVSS: 7.8 (HIGH) | EPSS: 0.01517 | Used in malware: unknown | Not yet in CISA KEV: False

Evidence

Type: Public Report

Signal: Successful Exploitation

Confidence: 70%

Source: kevintel

Details

Feed	KEVIntel (kevintel.com)
Title	Microsoft Word Security Feature Bypass Vulnerability
Vendor	Microsoft
Product	Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024, Microsoft Office LTSC for Mac 2021, Microsoft Office LTSC for Mac 2024
Added Date	2026-06-01T10:50:47.655Z
Cvss Score	7.8
Epss Score	0.01517
Cvss Severity	HIGH
Epss Percentile	0.7126
Used In Malware	unknown
Ahead Of Cisa Kev	`{ "count": 1, "unit": "day" }`
Not Yet In Cisa Kev	False

References

Created: 2026-06-19 12:45 UTC | Updated: 2026-06-19 12:45 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21514",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-11T04:56:01.104546Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2026-02-10",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21514"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T14:44:45.208Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21514"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-02-10T00:00:00.000Z",
            "value": "CVE-2026-21514 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2024",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Office LTSC for Mac 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.106.26020821",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Office LTSC for Mac 2024",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.106.26020821",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                  "versionEndExcluding": "16.106.26020821",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                  "versionEndExcluding": "16.106.26020821",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-02-10T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-807",
              "description": "CWE-807: Reliance on Untrusted Inputs in a Security Decision",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T21:25:35.049Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Word Security Feature Bypass Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514"
        }
      ],
      "title": "Microsoft Word Security Feature Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-21514",
    "datePublished": "2026-02-10T17:51:34.153Z",
    "dateReserved": "2025-12-30T18:10:54.845Z",
    "dateUpdated": "2026-05-11T21:25:35.049Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2026-21514",
      "cwes": "[\"CWE-807\"]",
      "dateAdded": "2026-02-10",
      "dueDate": "2026-03-03",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21514",
      "product": "Office",
      "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.",
      "vendorProject": "Microsoft",
      "vulnerabilityName": "Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability"
    },
    "epss": {
      "cve": "CVE-2026-21514",
      "date": "2026-06-19",
      "epss": "0.01517",
      "percentile": "0.71256"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-21514\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2026-02-10T18:16:33.803\",\"lastModified\":\"2026-02-11T15:47:04.413\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2026-02-10\",\"cisaActionDue\":\"2026-03-03\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability\",\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-807\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*\",\"matchCriteriaId\":\"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*\",\"matchCriteriaId\":\"CD25F492-9272-4836-832C-8439EBE64CCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x64:*\",\"matchCriteriaId\":\"851BAC4E-9965-4F40-9A6C-B73D9004F4C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x86:*\",\"matchCriteriaId\":\"23B2FA23-76F4-4D83-A718-B8D04D7EA37B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*\",\"matchCriteriaId\":\"BF0E8112-5B6F-4E55-8E40-38ADCF6FC654\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*\",\"matchCriteriaId\":\"D31E509A-0B2E-4B41-88C4-0099E800AFE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*\",\"matchCriteriaId\":\"017A7041-BEF1-4E4E-AC8A-EFC6AFEB01FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:macos:*:*\",\"matchCriteriaId\":\"EF3E56B5-E6A6-4061-9380-D421E52B9199\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21514\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-21514\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-11T04:56:01.104546Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2026-02-10\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21514\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-02-10T00:00:00.000Z\", \"value\": \"CVE-2026-21514 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21514\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-10T18:24:47.129Z\"}}], \"cna\": {\"title\": \"Microsoft Word Security Feature Bypass Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Microsoft 365 Apps for Enterprise\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.1\", \"lessThan\": \"https://aka.ms/OfficeSecurityReleases\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Office LTSC 2021\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.1\", \"lessThan\": \"https://aka.ms/OfficeSecurityReleases\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Office LTSC 2024\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"https://aka.ms/OfficeSecurityReleases\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Office LTSC for Mac 2021\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.1\", \"lessThan\": \"16.106.26020821\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Office LTSC for Mac 2024\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"16.106.26020821\", \"versionType\": \"custom\"}]}], \"datePublic\": \"2026-02-10T16:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514\", \"name\": \"Microsoft Word Security Feature Bypass Vulnerability\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-807\", \"description\": \"CWE-807: Reliance on Untrusted Inputs in a Security Decision\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"https://aka.ms/OfficeSecurityReleases\", \"versionStartIncluding\": \"16.0.1\"}, {\"criteria\": \"cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.106.26020821\", \"versionStartIncluding\": \"16.0.1\"}, {\"criteria\": \"cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"https://aka.ms/OfficeSecurityReleases\", \"versionStartIncluding\": \"16.0.1\"}, {\"criteria\": \"cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"https://aka.ms/OfficeSecurityReleases\", \"versionStartIncluding\": \"16.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.106.26020821\", \"versionStartIncluding\": \"16.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2026-05-11T18:10:13.985Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-21514\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-11T18:10:13.985Z\", \"dateReserved\": \"2025-12-30T18:10:54.845Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2026-02-10T17:51:34.153Z\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2026-AVI-0149

Vulnerability from certfr_avis - Published: 2026-02-11 - Updated: 2026-02-11

De multiples vulnérabilités ont été découvertes dans Microsoft Office. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Microsoft indique que la vulnérabilité CVE-2026-21514 est activement exploitée.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Excel 2016 (édition 64 bits) versions antérieures à 16.0.5539.1002
Microsoft	N/A	Microsoft Excel 2016 (édition 32 bits) versions antérieures à 16.0.5539.1002
Microsoft	N/A	Microsoft Office LTSC 2024 pour éditions 64 bits
Microsoft	N/A	Microsoft Outlook 2016 (édition 64 bits) versions antérieures à 16.0.5539.1002
Microsoft	N/A	Microsoft Office LTSC 2021 pour éditions 32 bits
Microsoft	N/A	Microsoft Office 2019 pour éditions 32 bits
Microsoft	N/A	Microsoft 365 Apps pour Enterprise pour systèmes 32 bits
Microsoft	N/A	Microsoft Office 2019 pour éditions 64 bits
Microsoft	N/A	Microsoft Office LTSC 2024 pour éditions 32 bits
Microsoft	N/A	Microsoft Outlook 2016 (édition 32 bits) versions antérieures à 16.0.5539.1002
Microsoft	N/A	Microsoft Word 2016 (édition 32 bits) versions antérieures à 16.0.5539.1002
Microsoft	N/A	Microsoft Word 2016 (édition 64 bits) versions antérieures à 16.0.5539.1002
Microsoft	N/A	Microsoft Office LTSC 2021 pour éditions 64 bits
Microsoft	N/A	Microsoft Office LTSC pour Mac 2021 versions antérieures à 16.106.26020821
Microsoft	N/A	Microsoft 365 Apps pour Enterprise pour systèmes 64 bits
Microsoft	N/A	Microsoft Office LTSC pour Mac 2024 versions antérieures à 16.106.26020821
Microsoft	N/A	Office Online Server versions antérieures à 16.0.10417.20097

References

Title

Publication Time

CERTFR-2026-AVI-0149

Vulnerability from certfr_avis - Published: 2026-02-11 - Updated: 2026-02-11

Microsoft indique que la vulnérabilité CVE-2026-21514 est activement exploitée.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Excel 2016 (édition 64 bits) versions antérieures à 16.0.5539.1002
Microsoft	N/A	Microsoft Excel 2016 (édition 32 bits) versions antérieures à 16.0.5539.1002
Microsoft	N/A	Microsoft Office LTSC 2024 pour éditions 64 bits
Microsoft	N/A	Microsoft Outlook 2016 (édition 64 bits) versions antérieures à 16.0.5539.1002
Microsoft	N/A	Microsoft Office LTSC 2021 pour éditions 32 bits
Microsoft	N/A	Microsoft Office 2019 pour éditions 32 bits
Microsoft	N/A	Microsoft 365 Apps pour Enterprise pour systèmes 32 bits
Microsoft	N/A	Microsoft Office 2019 pour éditions 64 bits
Microsoft	N/A	Microsoft Office LTSC 2024 pour éditions 32 bits
Microsoft	N/A	Microsoft Outlook 2016 (édition 32 bits) versions antérieures à 16.0.5539.1002
Microsoft	N/A	Microsoft Word 2016 (édition 32 bits) versions antérieures à 16.0.5539.1002
Microsoft	N/A	Microsoft Word 2016 (édition 64 bits) versions antérieures à 16.0.5539.1002
Microsoft	N/A	Microsoft Office LTSC 2021 pour éditions 64 bits
Microsoft	N/A	Microsoft Office LTSC pour Mac 2021 versions antérieures à 16.106.26020821
Microsoft	N/A	Microsoft 365 Apps pour Enterprise pour systèmes 64 bits
Microsoft	N/A	Microsoft Office LTSC pour Mac 2024 versions antérieures à 16.106.26020821
Microsoft	N/A	Office Online Server versions antérieures à 16.0.10417.20097

References

Title

Publication Time

BDU:2026-01699

Vulnerability from fstec - Published: 10.02.2026

Title

Уязвимость пакета программ Microsoft Office, связанная с использованием ненадежных входных данных при принятии решений по безопасности, позволяющая нарушителю обойти существующие ограничения безопасности

Description

Уязвимость пакета программ Microsoft Office связана с использованием ненадежных входных данных при принятии решений по безопасности. Эксплуатация уязвимости может позволить нарушителю обойти существующие ограничения безопасности

Severity


                    
                      AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor

Microsoft Corp

Software Name

Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024

Software Version

- (Microsoft 365 Apps for Enterprise), - (Microsoft Office LTSC 2021), - (Microsoft Office LTSC 2024), до 16.106.26020821 (Microsoft Office LTSC 2024), до 16.106.26020821 (Microsoft Office LTSC 2021)

Possible Mitigations

Использование рекомендаций: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514

Reference

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21514 https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv

CWE

CWE-807

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Microsoft 365 Apps for Enterprise), - (Microsoft Office LTSC 2021), - (Microsoft Office LTSC 2024), \u0434\u043e 16.106.26020821 (Microsoft Office LTSC 2024), \u0434\u043e 16.106.26020821 (Microsoft Office LTSC 2021)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "10.02.2026",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "11.02.2026",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "11.02.2026",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2026-01699",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2026-21514",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0430\u043a\u0435\u0442\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c Microsoft Office, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043d\u0435\u043d\u0430\u0434\u0435\u0436\u043d\u044b\u0445 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u0440\u0438 \u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0438 \u0440\u0435\u0448\u0435\u043d\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0431\u043e\u0439\u0442\u0438 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0417\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0442 \u043d\u0435\u043d\u0430\u0434\u0435\u0436\u043d\u044b\u0445 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u0440\u0438 \u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0438 \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (CWE-807)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0430\u043a\u0435\u0442\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c Microsoft Office \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043d\u0435\u043d\u0430\u0434\u0435\u0436\u043d\u044b\u0445 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u0440\u0438 \u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0438 \u0440\u0435\u0448\u0435\u043d\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0431\u043e\u0439\u0442\u0438 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21514\n\nhttps://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-807",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,2)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}

FKIE_CVE-2026-21514

Vulnerability from fkie_nvd - Published: 2026-02-10 18:16 - Updated: 2026-06-17 10:18

CISA KEV KEVintel KEV

Severity

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.

References

	URL	Tags
	secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514	Vendor Advisory
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21514	US Government Resource

Impacted products

Vendor	Product	Version
microsoft	365_apps	-
microsoft	365_apps	-
microsoft	office_long_term_servicing_channel	2021
microsoft	office_long_term_servicing_channel	2021
microsoft	office_long_term_servicing_channel	2021
microsoft	office_long_term_servicing_channel	2024
microsoft	office_long_term_servicing_channel	2024
microsoft	office_long_term_servicing_channel	2024

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2024",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Office LTSC for Mac 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.106.26020821",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Office LTSC for Mac 2024",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.106.26020821",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "source": "secure@microsoft.com"
    }
  ],
  "cisaActionDue": "2026-03-03",
  "cisaExploitAdd": "2026-02-10",
  "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*",
              "matchCriteriaId": "3259EBFE-AE2D-48B8-BE9A-E22BBDB31378",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*",
              "matchCriteriaId": "CD25F492-9272-4836-832C-8439EBE64CCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x64:*",
              "matchCriteriaId": "851BAC4E-9965-4F40-9A6C-B73D9004F4C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x86:*",
              "matchCriteriaId": "23B2FA23-76F4-4D83-A718-B8D04D7EA37B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*",
              "matchCriteriaId": "BF0E8112-5B6F-4E55-8E40-38ADCF6FC654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*",
              "matchCriteriaId": "D31E509A-0B2E-4B41-88C4-0099E800AFE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*",
              "matchCriteriaId": "017A7041-BEF1-4E4E-AC8A-EFC6AFEB01FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:macos:*:*",
              "matchCriteriaId": "EF3E56B5-E6A6-4061-9380-D421E52B9199",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally."
    },
    {
      "lang": "es",
      "value": "Dependencia de entradas no confiables en una decisi\u00f3n de seguridad en Microsoft Office Word permite a un atacante no autorizado eludir una caracter\u00edstica de seguridad localmente."
    }
  ],
  "id": "CVE-2026-21514",
  "lastModified": "2026-06-17T10:18:45.733",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2026-21514",
          "options": [
            {
              "exploitation": "active"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "total"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2026-02-11T04:56:01.104546Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2026-02-10T18:16:33.803",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21514"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-807"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Secondary"
    }
  ]
}

GHSA-CJJ3-M869-748G

Vulnerability from github – Published: 2026-02-10 18:30 – Updated: 2026-02-10 21:31

Details

Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.

Severity

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-21514"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-807"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-10T18:16:33Z",
    "severity": "HIGH"
  },
  "details": "Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.",
  "id": "GHSA-cjj3-m869-748g",
  "modified": "2026-02-10T21:31:29Z",
  "published": "2026-02-10T18:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21514"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21514"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

MSRC_CVE-2026-21514

Vulnerability from csaf_microsoft - Published: 2026-02-10 08:00 - Updated: 2026-02-10 08:00

Summary

Microsoft Word Security Feature Bypass Vulnerability

Severity

Important

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Customer Action: Required. The vulnerability documented by this CVE requires customer action to resolve.

CVE-2026-21514

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

CWE-807 - Reliance on Untrusted Inputs in a Security Decision

Affected products

Fixed 8 products

Product	Identifier	Version	Remediation
Microsoft 365 Apps for Enterprise for 32-bit Systems https://aka.ms/OfficeSecurityReleases Microsoft 365 Apps for Enterprise for 32-bit Systems		https://aka.ms/OfficeSecurityReleases
Microsoft 365 Apps for Enterprise for 64-bit Systems https://aka.ms/OfficeSecurityReleases Microsoft 365 Apps for Enterprise for 64-bit Systems		https://aka.ms/OfficeSecurityReleases
Microsoft Office LTSC for Mac 2021 16.106.26020821 Microsoft Office LTSC for Mac 2021		16.106.26020821
Microsoft Office LTSC 2021 for 64-bit editions https://aka.ms/OfficeSecurityReleases Microsoft Office LTSC 2021 for 64-bit editions		https://aka.ms/OfficeSecurityReleases
Microsoft Office LTSC 2021 for 32-bit editions https://aka.ms/OfficeSecurityReleases Microsoft Office LTSC 2021 for 32-bit editions		https://aka.ms/OfficeSecurityReleases
Microsoft Office LTSC 2024 for 32-bit editions https://aka.ms/OfficeSecurityReleases Microsoft Office LTSC 2024 for 32-bit editions		https://aka.ms/OfficeSecurityReleases
Microsoft Office LTSC 2024 for 64-bit editions https://aka.ms/OfficeSecurityReleases Microsoft Office LTSC 2024 for 64-bit editions		https://aka.ms/OfficeSecurityReleases
Microsoft Office LTSC for Mac 2024 16.106.26020821 Microsoft Office LTSC for Mac 2024		16.106.26020821

Known affected 8 products

Product	Version	Remediation
Microsoft Office LTSC for Mac 2024 <16.106.26020821 Microsoft Office LTSC for Mac 2024	<16.106.26020821	Vendor Fix fix
Microsoft Office LTSC 2024 for 64-bit editions <https://aka.ms/OfficeSecurityReleases Microsoft Office LTSC 2024 for 64-bit editions	<https://aka.ms/OfficeSecurityReleases	Vendor Fix fix
Microsoft Office LTSC 2024 for 32-bit editions <https://aka.ms/OfficeSecurityReleases Microsoft Office LTSC 2024 for 32-bit editions	<https://aka.ms/OfficeSecurityReleases	Vendor Fix fix
Microsoft Office LTSC 2021 for 32-bit editions <https://aka.ms/OfficeSecurityReleases Microsoft Office LTSC 2021 for 32-bit editions	<https://aka.ms/OfficeSecurityReleases	Vendor Fix fix
Microsoft Office LTSC 2021 for 64-bit editions <https://aka.ms/OfficeSecurityReleases Microsoft Office LTSC 2021 for 64-bit editions	<https://aka.ms/OfficeSecurityReleases	Vendor Fix fix
Microsoft Office LTSC for Mac 2021 <16.106.26020821 Microsoft Office LTSC for Mac 2021	<16.106.26020821	Vendor Fix fix
Microsoft 365 Apps for Enterprise for 64-bit Systems <https://aka.ms/OfficeSecurityReleases Microsoft 365 Apps for Enterprise for 64-bit Systems	<https://aka.ms/OfficeSecurityReleases	Vendor Fix fix
Microsoft 365 Apps for Enterprise for 32-bit Systems <https://aka.ms/OfficeSecurityReleases Microsoft 365 Apps for Enterprise for 32-bit Systems	<https://aka.ms/OfficeSecurityReleases	Vendor Fix fix

Threats

Impact Security Feature Bypass

Exploit Status Publicly Disclosed:Yes;Exploited:Yes;Latest Software Release:Exploitation Detected

References

7 references

URL	Category
https://msrc.microsoft.com/update-guide/vulnerabi…	self
https://msrc.microsoft.com/csaf/advisories/2026/m…	self
https://www.microsoft.com/en-us/msrc/exploitabili…	external
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/update-guide/vulnerabi…	self
https://msrc.microsoft.com/csaf/advisories/2026/m…	self

Acknowledgments

Anonymous

Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC), and Office Product Group Security Team

Google Threat Intelligence Group

Anonymous

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Anonymous"
        ]
      },
      {
        "names": [
          "Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC), and Office Product Group Security Team"
        ]
      },
      {
        "names": [
          "Google Threat Intelligence Group"
        ]
      },
      {
        "names": [
          "Anonymous"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      },
      {
        "category": "general",
        "text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
        "title": "Customer Action"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2026-21514 Microsoft Word Security Feature Bypass Vulnerability - HTML",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514"
      },
      {
        "category": "self",
        "summary": "CVE-2026-21514 Microsoft Word Security Feature Bypass Vulnerability - CSAF",
        "url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-21514.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Exploitability Index",
        "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Microsoft Word Security Feature Bypass Vulnerability",
    "tracking": {
      "current_release_date": "2026-02-10T08:00:00.000Z",
      "generator": {
        "date": "2026-02-17T19:25:44.030Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2026-21514",
      "initial_release_date": "2026-02-10T08:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-02-10T08:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft 365 Apps for Enterprise for 32-bit Systems \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "8"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft 365 Apps for Enterprise for 32-bit Systems https://aka.ms/OfficeSecurityReleases",
              "product_id": "11762"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft 365 Apps for Enterprise for 32-bit Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft 365 Apps for Enterprise for 64-bit Systems \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "7"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft 365 Apps for Enterprise for 64-bit Systems https://aka.ms/OfficeSecurityReleases",
              "product_id": "11763"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft 365 Apps for Enterprise for 64-bit Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.106.26020821",
            "product": {
              "name": "Microsoft Office LTSC for Mac 2021 \u003c16.106.26020821",
              "product_id": "6"
            }
          },
          {
            "category": "product_version",
            "name": "16.106.26020821",
            "product": {
              "name": "Microsoft Office LTSC for Mac 2021 16.106.26020821",
              "product_id": "11951"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office LTSC for Mac 2021"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2021 for 64-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "5"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2021 for 64-bit editions https://aka.ms/OfficeSecurityReleases",
              "product_id": "11952"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office LTSC 2021 for 64-bit editions"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2021 for 32-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "4"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2021 for 32-bit editions https://aka.ms/OfficeSecurityReleases",
              "product_id": "11953"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office LTSC 2021 for 32-bit editions"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2024 for 32-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "3"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2024 for 32-bit editions https://aka.ms/OfficeSecurityReleases",
              "product_id": "12420"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office LTSC 2024 for 32-bit editions"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2024 for 64-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "2"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2024 for 64-bit editions https://aka.ms/OfficeSecurityReleases",
              "product_id": "12421"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office LTSC 2024 for 64-bit editions"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.106.26020821",
            "product": {
              "name": "Microsoft Office LTSC for Mac 2024 \u003c16.106.26020821",
              "product_id": "1"
            }
          },
          {
            "category": "product_version",
            "name": "16.106.26020821",
            "product": {
              "name": "Microsoft Office LTSC for Mac 2024 16.106.26020821",
              "product_id": "12440"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office LTSC for Mac 2024"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-21514",
      "cwe": {
        "id": "CWE-807",
        "name": "Reliance on Untrusted Inputs in a Security Decision"
      },
      "notes": [
        {
          "category": "general",
          "text": "Microsoft",
          "title": "Assigning CNA"
        },
        {
          "category": "faq",
          "text": "An attacker must send a user a malicious Office file and convince them to open it.",
          "title": "According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?"
        },
        {
          "category": "faq",
          "text": "This update addresses a vulnerability that bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE controls.",
          "title": "What kind of security feature could be bypassed by successfully exploiting this vulnerability?"
        },
        {
          "category": "faq",
          "text": "No, the Preview Pane is not an attack vector.",
          "title": "Is the Preview Pane an attack vector for this vulnerability?"
        }
      ],
      "product_status": {
        "fixed": [
          "11762",
          "11763",
          "11951",
          "11952",
          "11953",
          "12420",
          "12421",
          "12440"
        ],
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-21514 Microsoft Word Security Feature Bypass Vulnerability - HTML",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514"
        },
        {
          "category": "self",
          "summary": "CVE-2026-21514 Microsoft Word Security Feature Bypass Vulnerability - CSAF",
          "url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-21514.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-10T08:00:00.000Z",
          "details": "https://aka.ms/OfficeSecurityReleases:Security Update:https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates",
          "product_ids": [
            "8",
            "7",
            "5",
            "4",
            "3",
            "2"
          ],
          "url": "https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates"
        },
        {
          "category": "vendor_fix",
          "date": "2026-02-10T08:00:00.000Z",
          "details": "16.106.26020821:Security Update:https://go.microsoft.com/fwlink/p/?linkid=831049",
          "product_ids": [
            "6",
            "1"
          ],
          "url": "https://go.microsoft.com/fwlink/p/?linkid=831049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "exploitCodeMaturity": "FUNCTIONAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 7.2,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Security Feature Bypass"
        },
        {
          "category": "exploit_status",
          "details": "Publicly Disclosed:Yes;Exploited:Yes;Latest Software Release:Exploitation Detected"
        }
      ],
      "title": "Microsoft Word Security Feature Bypass Vulnerability"
    }
  ]
}

NCSC-2026-0058

Vulnerability from csaf_ncscnl - Published: 2026-02-10 19:11 - Updated: 2026-02-10 19:11

Summary

Kwetsbaarheden verholpen in Microsoft Office

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: Microsoft heeft kwetsbaarheden verholpen in Office componenten.

Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om beveiligingsmaatregelen te omzeilen, zoch voor te doen als andere gebruiker en zich zo verhoogde rechten toe te kennen en toegang te krijgen tot gevoelige gegevens. Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden en malafide bestand te openen of link te volgen. Van de kwetsbaarheid met kenmerk CVE-2026-21511 meldt Microsoft informatie te hebben dat deze besproken wordt op fora. De kwetsbaarheid stelt een kwaadwillende in staat om middels een malafide bericht een NTLM-authenticatie te initiëren naar een server onder controle van de kwaadwillende, waarmee de kwaadwillende authenticatiegegevens kan bemachtigen. Er is (nog) geen publieke Proof-of-Concept-code beschikbaar en misbruik vereist een speciaal ingerichte server. Grootschalig misbruik is hiermee niet waarschijnlijk. ``` Microsoft Office Word: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21514 | 7.80 | Omzeilen van beveiligingsmaatregel | |----------------|------|-------------------------------------| Microsoft Office Excel: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21259 | 7.30 | Verkrijgen van verhoogde rechten | | CVE-2026-21258 | 5.50 | Toegang tot gevoelige gegevens | | CVE-2026-21261 | 5.50 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Microsoft Office Outlook: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21260 | 7.50 | Voordoen als andere gebruiker | | CVE-2026-21511 | 7.50 | Voordoen als andere gebruiker | |----------------|------|-------------------------------------| ```

Oplossingen: Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op: https://portal.msrc.microsoft.com/en-us/security-guidance

Kans: medium

Schade: high

CWE-20: Improper Input Validation

CWE-122: Heap-based Buffer Overflow

CWE-125: Out-of-bounds Read

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE-502: Deserialization of Untrusted Data

CWE-807: Reliance on Untrusted Inputs in a Security Decision

CVE-2026-21259

A heap-based buffer overflow vulnerability in Microsoft Office Excel allows unauthorized attackers to locally elevate their privileges.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 25 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*

CVE-2026-21258

Improper input validation in Microsoft Office Excel can allow unauthorized attackers to locally disclose sensitive information.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

CWE-125 - Out-of-bounds Read

Affected products

Known affected 25 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*

CVE-2026-21261

An out-of-bounds read vulnerability in Microsoft Office Excel allows unauthorized attackers to locally disclose sensitive information.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

CWE-125 - Out-of-bounds Read

Affected products

Known affected 25 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*

CVE-2026-21260

A vulnerability in Microsoft Office Outlook allows unauthorized attackers to exploit sensitive information, facilitating spoofing attacks over a network.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 25 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*

CVE-2026-21511

Deserialization of untrusted data in Microsoft Office Outlook can allow attackers to execute spoofing attacks over a network.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

CWE-502 - Deserialization of Untrusted Data

Affected products

Known affected 25 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*

CVE-2026-21514

Microsoft Office Word contains a vulnerability that allows unauthorized attackers to elevate privileges locally by exploiting untrusted inputs in security decisions.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

CWE-807 - Reliance on Untrusted Inputs in a Security Decision

Affected products

Known affected 25 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*

References

6 references

URL	Category
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Microsoft heeft kwetsbaarheden verholpen in Office componenten.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om beveiligingsmaatregelen te omzeilen, zoch voor te doen als andere gebruiker en zich zo verhoogde rechten toe te kennen en toegang te krijgen tot gevoelige gegevens.\n\nVoor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden en malafide bestand te openen of link te volgen.\n\nVan de kwetsbaarheid met kenmerk CVE-2026-21511 meldt Microsoft informatie te hebben dat deze besproken wordt op fora. De kwetsbaarheid stelt een kwaadwillende in staat om middels een malafide bericht een NTLM-authenticatie te initi\u00ebren naar een server onder controle van de kwaadwillende, waarmee de kwaadwillende authenticatiegegevens kan bemachtigen. Er is (nog) geen publieke Proof-of-Concept-code beschikbaar en misbruik vereist een speciaal ingerichte server. Grootschalig misbruik is hiermee niet waarschijnlijk.\n\n```\nMicrosoft Office Word: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-21514 | 7.80 | Omzeilen van beveiligingsmaatregel  | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office Excel: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-21259 | 7.30 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-21258 | 5.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-21261 | 5.50 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office Outlook: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-21260 | 7.50 | Voordoen als andere gebruiker       | \n| CVE-2026-21511 | 7.50 | Voordoen als andere gebruiker       | \n|----------------|------|-------------------------------------|\n```",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Heap-based Buffer Overflow",
        "title": "CWE-122"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "Deserialization of Untrusted Data",
        "title": "CWE-502"
      },
      {
        "category": "general",
        "text": "Reliance on Untrusted Inputs in a Security Decision",
        "title": "CWE-807"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "title": "Kwetsbaarheden verholpen in Microsoft Office",
    "tracking": {
      "current_release_date": "2026-02-10T19:11:42.825147Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2026-0058",
      "initial_release_date": "2026-02-10T19:11:42.825147Z",
      "revision_history": [
        {
          "date": "2026-02-10T19:11:42.825147Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft 365 Apps for Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft 365 Apps for Enterprise for 32-bit Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft 365 Apps for Enterprise for 64-bit Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-4"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Excel 2016"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-5"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Excel 2016 (32-bit edition)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-6"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Excel 2016 (64-bit edition)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-7"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office 2019"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-8"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office 2019 for 32-bit editions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-9"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office 2019 for 64-bit editions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-10"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC 2021"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-11"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC 2021 for 32-bit editions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-12"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC 2021 for 64-bit editions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-13"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC 2024"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-14"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC 2024 for 32-bit editions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-15"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC 2024 for 64-bit editions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-16"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC for Mac 2021"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-17"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC for Mac 2024"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-18"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Outlook 2016"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-19"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Outlook 2016 (32-bit edition)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-20"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Outlook 2016 (64-bit edition)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-21"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft SharePoint Enterprise Server 2016"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-22"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft SharePoint Server 2019"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-23"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft SharePoint Server Subscription Edition"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-24"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Word 2016"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-25"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Word 2016 (32-bit edition)"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-21259",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "description",
          "text": "A heap-based buffer overflow vulnerability in Microsoft Office Excel allows unauthorized attackers to locally elevate their privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-21259 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21259.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25"
          ]
        }
      ],
      "title": "CVE-2026-21259"
    },
    {
      "cve": "CVE-2026-21258",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "description",
          "text": "Improper input validation in Microsoft Office Excel can allow unauthorized attackers to locally disclose sensitive information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-21258 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21258.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25"
          ]
        }
      ],
      "title": "CVE-2026-21258"
    },
    {
      "cve": "CVE-2026-21261",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "An out-of-bounds read vulnerability in Microsoft Office Excel allows unauthorized attackers to locally disclose sensitive information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-21261 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21261.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25"
          ]
        }
      ],
      "title": "CVE-2026-21261"
    },
    {
      "cve": "CVE-2026-21260",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "description",
          "text": "A vulnerability in Microsoft Office Outlook allows unauthorized attackers to exploit sensitive information, facilitating spoofing attacks over a network.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-21260 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21260.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25"
          ]
        }
      ],
      "title": "CVE-2026-21260"
    },
    {
      "cve": "CVE-2026-21511",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        },
        {
          "category": "description",
          "text": "Deserialization of untrusted data in Microsoft Office Outlook can allow attackers to execute spoofing attacks over a network.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-21511 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21511.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25"
          ]
        }
      ],
      "title": "CVE-2026-21511"
    },
    {
      "cve": "CVE-2026-21514",
      "cwe": {
        "id": "CWE-807",
        "name": "Reliance on Untrusted Inputs in a Security Decision"
      },
      "notes": [
        {
          "category": "other",
          "text": "Reliance on Untrusted Inputs in a Security Decision",
          "title": "CWE-807"
        },
        {
          "category": "description",
          "text": "Microsoft Office Word contains a vulnerability that allows unauthorized attackers to elevate privileges locally by exploiting untrusted inputs in security decisions.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-21514 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21514.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25"
          ]
        }
      ],
      "title": "CVE-2026-21514"
    }
  ]
}

WID-SEC-W-2026-0371

Vulnerability from csaf_certbund - Published: 2026-02-10 23:00 - Updated: 2026-02-10 23:00

Summary

Microsoft Office: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Excel ist ein Tabellenkalkulationsprogramm der Microsoft Office Suite und ist sowohl für Microsoft Windows als auch für Mac OS verfügbar. Microsoft Word ist ein Textverarbeitungsprogramm der Firma Microsoft für die Windows-Betriebssysteme und Mac OS. Outlook ist ein Personal Information Manager von Microsoft und ist Bestandteil der Office Suite. Microsoft Office Online Server ist ein Serverprodukt, das browserbasierte Versionen von Word, PowerPoint, Excel und OneNote bereitstellt. Microsoft Sharepoint Services ist ein Portalsystem für die zentrale Verwaltung von Dokumenten und Anwendungen. Die Inhalte werden u.a. über Webseiten zur Verfügung gestellt. Die Microsoft Office Suite beinhaltet zahlreiche Büroanwendungen wie Textverarbeitung, Tabellenkalkulation, Datenbank und weitere Applikationen. Microsoft Sharepoint ist ein Portalsystem für die zentrale Verwaltung von Dokumenten und Anwendungen. Die Inhalte werden u. a. über Webseiten zur Verfügung gestellt. Microsoft 365 Apps ist eine Office Suite für zahlreiche Büroanwendungen.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Microsoft Excel, Microsoft Word, Microsoft Outlook, Microsoft Office Online Server, Microsoft SharePoint, Microsoft Office, Microsoft SharePoint Server 2019 und Microsoft 365 Apps ausnutzen, um Administratorrechte zu erlangen, Spoofing-Angriffe durchzuführen, Sicherheitsmaßnahmen zu umgehen und vertrauliche Informationen offenzulegen.

Betroffene Betriebssysteme: - Windows

CVE-2026-21258

Affected products

Known affected 13 products

Product	Identifier	Version
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office 2019 Microsoft / Office	`cpe:/a:microsoft:office:2019`	2019
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft Outlook 2016 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2016`	2016
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft Word 2016 Microsoft / Word	`cpe:/a:microsoft:word:2016`	2016
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft Excel 2016 Microsoft / Excel	`cpe:/a:microsoft:excel:2016`	2016
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024

CVE-2026-21259

Affected products

Known affected 13 products

Product	Identifier	Version
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office 2019 Microsoft / Office	`cpe:/a:microsoft:office:2019`	2019
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft Outlook 2016 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2016`	2016
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft Word 2016 Microsoft / Word	`cpe:/a:microsoft:word:2016`	2016
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft Excel 2016 Microsoft / Excel	`cpe:/a:microsoft:excel:2016`	2016
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024

CVE-2026-21260

Affected products

Known affected 13 products

Product	Identifier	Version
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office 2019 Microsoft / Office	`cpe:/a:microsoft:office:2019`	2019
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft Outlook 2016 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2016`	2016
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft Word 2016 Microsoft / Word	`cpe:/a:microsoft:word:2016`	2016
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft Excel 2016 Microsoft / Excel	`cpe:/a:microsoft:excel:2016`	2016
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024

CVE-2026-21261

Affected products

Known affected 13 products

Product	Identifier	Version
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office 2019 Microsoft / Office	`cpe:/a:microsoft:office:2019`	2019
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft Outlook 2016 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2016`	2016
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft Word 2016 Microsoft / Word	`cpe:/a:microsoft:word:2016`	2016
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft Excel 2016 Microsoft / Excel	`cpe:/a:microsoft:excel:2016`	2016
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024

CVE-2026-21511

Affected products

Known affected 13 products

Product	Identifier	Version
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office 2019 Microsoft / Office	`cpe:/a:microsoft:office:2019`	2019
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft Outlook 2016 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2016`	2016
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft Word 2016 Microsoft / Word	`cpe:/a:microsoft:word:2016`	2016
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft Excel 2016 Microsoft / Excel	`cpe:/a:microsoft:excel:2016`	2016
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024

CVE-2026-21514

Affected products

Known affected 13 products

Product	Identifier	Version
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office 2019 Microsoft / Office	`cpe:/a:microsoft:office:2019`	2019
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft Outlook 2016 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2016`	2016
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft Word 2016 Microsoft / Word	`cpe:/a:microsoft:word:2016`	2016
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft Excel 2016 Microsoft / Excel	`cpe:/a:microsoft:excel:2016`	2016
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://msrc.microsoft.com/update-guide/	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Excel ist ein Tabellenkalkulationsprogramm der Microsoft Office Suite und ist sowohl f\u00fcr Microsoft Windows als auch f\u00fcr Mac OS verf\u00fcgbar.\r\nMicrosoft Word ist ein Textverarbeitungsprogramm der Firma Microsoft f\u00fcr die Windows-Betriebssysteme und Mac OS.\r\nOutlook ist ein Personal Information Manager von Microsoft und ist Bestandteil der Office Suite.\r\nMicrosoft Office Online Server ist ein Serverprodukt, das browserbasierte Versionen von Word, PowerPoint, Excel und OneNote bereitstellt. \r\nMicrosoft Sharepoint Services ist ein Portalsystem f\u00fcr die zentrale Verwaltung von Dokumenten und Anwendungen. Die Inhalte werden u.a. \u00fcber Webseiten zur Verf\u00fcgung gestellt.\r\nDie Microsoft Office Suite beinhaltet zahlreiche B\u00fcroanwendungen wie Textverarbeitung, Tabellenkalkulation, Datenbank und weitere Applikationen.\r\nMicrosoft Sharepoint ist ein Portalsystem f\u00fcr die zentrale Verwaltung von Dokumenten und Anwendungen. Die Inhalte werden u. a. \u00fcber Webseiten zur Verf\u00fcgung gestellt.\r\nMicrosoft 365 Apps ist eine Office Suite f\u00fcr zahlreiche B\u00fcroanwendungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Microsoft Excel, Microsoft Word, Microsoft Outlook, Microsoft Office Online Server, Microsoft SharePoint, Microsoft Office, Microsoft SharePoint Server 2019 und Microsoft 365 Apps ausnutzen, um Administratorrechte zu erlangen, Spoofing-Angriffe durchzuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0371 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0371.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0371 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0371"
      },
      {
        "category": "external",
        "summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates",
        "url": "https://msrc.microsoft.com/update-guide/"
      }
    ],
    "source_lang": "en-US",
    "title": "Microsoft Office: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-02-10T23:00:00.000+00:00",
      "generator": {
        "date": "2026-02-11T09:42:32.084+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0371",
      "initial_release_date": "2026-02-10T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-02-10T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Microsoft 365 Apps",
            "product": {
              "name": "Microsoft 365 Apps",
              "product_id": "T050753",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:365_apps:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2016",
                "product": {
                  "name": "Microsoft Excel 2016",
                  "product_id": "T050746",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:excel:2016"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Excel"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2019",
                "product": {
                  "name": "Microsoft Office 2019",
                  "product_id": "T050751",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:2019"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "LTSC for Mac 2021",
                "product": {
                  "name": "Microsoft Office LTSC for Mac 2021",
                  "product_id": "T050754",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:ltsc_for_mac_2021"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "LTSC 2021",
                "product": {
                  "name": "Microsoft Office LTSC 2021",
                  "product_id": "T050755",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:ltsc_2021"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "LTSC 2024",
                "product": {
                  "name": "Microsoft Office LTSC 2024",
                  "product_id": "T050757",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:ltsc_2024"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "LTSC for Mac 2024",
                "product": {
                  "name": "Microsoft Office LTSC for Mac 2024",
                  "product_id": "T050758",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:ltsc_for_mac_2024"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Office"
          },
          {
            "category": "product_name",
            "name": "Microsoft Office Online Server",
            "product": {
              "name": "Microsoft Office Online Server",
              "product_id": "T050749",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:office_online_server:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2016",
                "product": {
                  "name": "Microsoft Outlook 2016",
                  "product_id": "T050748",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:outlook:2016"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Outlook"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Enterprise Server 2016",
                "product": {
                  "name": "Microsoft SharePoint Enterprise Server 2016",
                  "product_id": "T050750",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:sharepoint:enterprise_server_2016"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Server Subscription Edition",
                "product": {
                  "name": "Microsoft SharePoint Server Subscription Edition",
                  "product_id": "T050756",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:sharepoint:server_subscription_edition"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SharePoint"
          },
          {
            "category": "product_name",
            "name": "Microsoft SharePoint Server 2019",
            "product": {
              "name": "Microsoft SharePoint Server 2019",
              "product_id": "T050752",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:sharepoint_server_2019:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2016",
                "product": {
                  "name": "Microsoft Word 2016",
                  "product_id": "T050747",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:word:2016"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Word"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-21258",
      "product_status": {
        "known_affected": [
          "T050752",
          "T050751",
          "T050754",
          "T050753",
          "T050750",
          "T050749",
          "T050748",
          "T050756",
          "T050755",
          "T050747",
          "T050758",
          "T050746",
          "T050757"
        ]
      },
      "release_date": "2026-02-10T23:00:00.000+00:00",
      "title": "CVE-2026-21258"
    },
    {
      "cve": "CVE-2026-21259",
      "product_status": {
        "known_affected": [
          "T050752",
          "T050751",
          "T050754",
          "T050753",
          "T050750",
          "T050749",
          "T050748",
          "T050756",
          "T050755",
          "T050747",
          "T050758",
          "T050746",
          "T050757"
        ]
      },
      "release_date": "2026-02-10T23:00:00.000+00:00",
      "title": "CVE-2026-21259"
    },
    {
      "cve": "CVE-2026-21260",
      "product_status": {
        "known_affected": [
          "T050752",
          "T050751",
          "T050754",
          "T050753",
          "T050750",
          "T050749",
          "T050748",
          "T050756",
          "T050755",
          "T050747",
          "T050758",
          "T050746",
          "T050757"
        ]
      },
      "release_date": "2026-02-10T23:00:00.000+00:00",
      "title": "CVE-2026-21260"
    },
    {
      "cve": "CVE-2026-21261",
      "product_status": {
        "known_affected": [
          "T050752",
          "T050751",
          "T050754",
          "T050753",
          "T050750",
          "T050749",
          "T050748",
          "T050756",
          "T050755",
          "T050747",
          "T050758",
          "T050746",
          "T050757"
        ]
      },
      "release_date": "2026-02-10T23:00:00.000+00:00",
      "title": "CVE-2026-21261"
    },
    {
      "cve": "CVE-2026-21511",
      "product_status": {
        "known_affected": [
          "T050752",
          "T050751",
          "T050754",
          "T050753",
          "T050750",
          "T050749",
          "T050748",
          "T050756",
          "T050755",
          "T050747",
          "T050758",
          "T050746",
          "T050757"
        ]
      },
      "release_date": "2026-02-10T23:00:00.000+00:00",
      "title": "CVE-2026-21511"
    },
    {
      "cve": "CVE-2026-21514",
      "product_status": {
        "known_affected": [
          "T050752",
          "T050751",
          "T050754",
          "T050753",
          "T050750",
          "T050749",
          "T050748",
          "T050756",
          "T050755",
          "T050747",
          "T050758",
          "T050746",
          "T050757"
        ]
      },
      "release_date": "2026-02-10T23:00:00.000+00:00",
      "title": "CVE-2026-21514"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-21514 (GCVE-0-2026-21514)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

KEVintel KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Public Report Successful Exploitation Confidence: 70% Source: kevintel

Details

References

Solutions

Solutions

Tags

Sightings

Nomenclature