Security Feature Bypass in Microsoft Office
CVE-2026-21509

7.8 HIGH

Key Information:

Badges

  • 🔥 Trending now
  • 📈 Trended
  • 📈 Score: 11,000
  • 👾 Exploit Exists
  • 🟡 Public PoC
  • 🟣 EPSS 13%
  • 🦅 CISA Reported

What is CVE-2026-21509?

CVE-2026-21509 is a significant vulnerability found in Microsoft Office, a widely used productivity suite that facilitates document creation, data analysis, and communication across various organizational settings. This vulnerability arises from the reliance on untrusted inputs within the application’s security mechanisms. Specifically, it allows an unauthorized attacker to bypass certain security features locally, potentially compromising the integrity and confidentiality of the data handled by Microsoft Office applications. Given the prevalent use of Office in business environments, this security flaw could have severe repercussions for organizations, exposing sensitive information and enabling further malicious activities.

Potential impact of CVE-2026-21509

  1. Unauthorized Access: The primary risk associated with this vulnerability is the potential for unauthorized access to restricted functionalities or data within Microsoft Office applications. Attackers could exploit this bypass to gain control over sensitive documents or features, leading to potential data leaks or manipulation.

  2. Data Integrity Compromise: By circumventing security features, an attacker can alter or corrupt documents and data without detection. This could severely impact an organization’s operational effectiveness and the reliability of data-driven decisions.

  3. Increased Vulnerability to Other Attacks: The existence of this security feature bypass can serve as a stepping stone for further attacks on an organization. Once inside the system, an attacker may leverage this initial foothold to deploy additional malicious activities, such as installing malware or attempting to escalate privileges.

CISA has reported CVE-2026-21509

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2026-21509 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change quickly.

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.


Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Office 2016 32-bit Systems 16.0.0 < 16.0.5539.1001

Microsoft Office 2019 32-bit Systems 19.0.0 < 16.0.10417.20095

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.

EPSS Score

13% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • 📈 Vulnerability started trending
  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • 🦅 CISA Reported
  • Vulnerability published
  • Vulnerability Reserved
