365 Apps
CVE-2026-21509
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from Vendor (microsoft) · only source for this CVE.
CVSS VectorVendor: microsoft
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.
AnalysisAI
Microsoft Office contains a security feature bypass (CVE-2026-21509, CVSS 7.8) where reliance on untrusted inputs in security decisions allows local attackers to bypass protections designed to prevent execution of malicious content. KEV-listed with EPSS 9.3%, this vulnerability enables attackers to circumvent Office security features like Protected View or macro restrictions through crafted documents.
Technical ContextAI
Office's security model uses metadata and file attributes to determine whether to apply security restrictions (Protected View, macro blocking, etc.). This vulnerability allows attackers to manipulate these inputs so that Office treats malicious documents as trusted, bypassing security features that would normally prevent code execution. This is a common technique in the attack chain: first bypass protections, then exploit a separate vulnerability for code execution.
RemediationAI
Apply Microsoft security update immediately. Enforce Attack Surface Reduction (ASR) rules for Office. Block macros from internet-sourced documents via Group Policy. Enable Protected View for all external documents. User awareness training on document-based threats.
Microsoft Office Word contains a security decision bypass (CVE-2026-21514, CVSS 7.8) through reliance on untrusted input
Microsoft Outlook Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotel
Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary
Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely expl
Microsoft Office Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (C
Use-after-free vulnerability in Microsoft Office Excel that allows local code execution with high severity (CVSS 7.8). A
Use-after-free vulnerability in Microsoft Office PowerPoint that allows an unauthenticated local attacker to execute arb
Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentica
Microsoft Word Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authenticat
Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentic
Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentica
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today