Unrated severity · CISA KEV · NVD Advisory · Published Jan 26, 2026 · Updated Apr 1, 2026
Microsoft Office Security Feature Bypass Vulnerability
CVE-2026-21509
Description
Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.
Affected products (6)
- Microsoft/Microsoft 365 Apps for Enterprise · v5 · Range: 16.0.1, 16.0.0 + 1 more
- (no CPE) · range: 16.0.0
- (no CPE) · range: 19.0.0
Patches
Vulnerability mechanics
References (1)
- msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509 (mitre, vendor-advisory, patch)
News mentions (4)
- Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine · The Hacker News · Jun 2, 2026
- Exploits and vulnerabilities in Q1 2026 · Securelist · May 7, 2026
- Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities · Trend Micro Research · Mar 26, 2026
- Sednit reloaded: Back in the trenches · ESET WeLiveSecurity · Mar 10, 2026