CVE-2026-21511

HIGH
2026-02-10 [email protected]
7.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:02 vuln.today
CVE Published
Feb 10, 2026 - 18:16 nvd
HIGH 7.5

Tags

Microsoft Outlook Deserialization 365 Apps Word Sharepoint Server Office Long Term Servicing Channel Office

Description

Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

Analysis

Microsoft Outlook's unsafe deserialization of untrusted data enables remote attackers to spoof messages and identities without authentication over the network. This vulnerability affects Outlook, Word, and Microsoft 365 Apps, allowing attackers to impersonate legitimate senders and deceive users. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: Identify all Outlook deployments and users, assess email traffic for suspicious deserialization patterns, and notify security teams to monitor for active exploitation. Within 7 days: Implement email gateway filtering rules to block malicious serialized objects, restrict Outlook's ability to process untrusted file attachments, and disable legacy protocols if not business-critical. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

38
Low Medium High Critical
KEV: 0
EPSS: +0.2
CVSS: +38
POC: 0

Share

CVE-2026-21511 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy