Vulnerability-Lookup

CVE-2026-21261 (GCVE-0-2026-21261)

Vulnerability from cvelistv5 – Published: 2026-02-10 17:51 – Updated: 2026-05-11 21:25

Title

Microsoft Excel Information Disclosure Vulnerability

Summary

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

CWE

CWE-125 - Out-of-bounds Read

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

8 products

Vendor	Product	Version
Microsoft	Microsoft 365 Apps for Enterprise	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Excel 2016	Affected: 16.0.0.0 , < 16.0.5539.1002 (custom)
Microsoft	Microsoft Office 2019	Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC 2021	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC 2024	Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC for Mac 2021	Affected: 16.0.1 , < 16.106.26020821 (custom)
Microsoft	Microsoft Office LTSC for Mac 2024	Affected: 16.0.0 , < 16.106.26020821 (custom)
Microsoft	Office Online Server	Affected: 16.0.0.0 , < 16.0.10417.20097 (custom)

Date Public

2026-02-10 16:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21261",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-11T16:07:46.518765Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-11T16:09:03.084Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Excel 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5539.1002",
              "status": "affected",
              "version": "16.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2024",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Office LTSC for Mac 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.106.26020821",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Office LTSC for Mac 2024",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.106.26020821",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Office Online Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.10417.20097",
              "status": "affected",
              "version": "16.0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                  "versionEndExcluding": "16.0.10417.20097",
                  "versionStartIncluding": "16.0.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                  "versionEndExcluding": "16.106.26020821",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                  "versionEndExcluding": "16.106.26020821",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "16.0.5539.1002",
                  "versionStartIncluding": "16.0.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-02-10T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T21:25:38.274Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Excel Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21261"
        }
      ],
      "title": "Microsoft Excel Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-21261",
    "datePublished": "2026-02-10T17:51:37.088Z",
    "dateReserved": "2025-12-11T21:02:05.737Z",
    "dateUpdated": "2026-05-11T21:25:38.274Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-21261",
      "date": "2026-05-25",
      "epss": "0.00031",
      "percentile": "0.09324"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-21261\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2026-02-10T18:16:28.107\",\"lastModified\":\"2026-02-11T19:08:10.653\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*\",\"matchCriteriaId\":\"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*\",\"matchCriteriaId\":\"CD25F492-9272-4836-832C-8439EBE64CCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"CD88F667-6773-4DB7-B6C3-9C7B769C0808\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"B342EF98-B414-44D0-BAFB-FCA24294EECE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"CF5DDD09-902E-4881-98D0-CB896333B4AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"26A3B226-5D7C-4556-9350-5222DC8EFC2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*\",\"matchCriteriaId\":\"BF0E8112-5B6F-4E55-8E40-38ADCF6FC654\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"C461C8D7-D6DC-47E2-BF64-0872A4D24E43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"875BEC9A-6123-48A9-8B89-88AEA8422B89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*\",\"matchCriteriaId\":\"D31E509A-0B2E-4B41-88C4-0099E800AFE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*\",\"matchCriteriaId\":\"017A7041-BEF1-4E4E-AC8A-EFC6AFEB01FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:macos:*:*\",\"matchCriteriaId\":\"EF3E56B5-E6A6-4061-9380-D421E52B9199\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"16.0.10417.20097\",\"matchCriteriaId\":\"0213E443-C4CD-41DC-9C07-B2D85B284389\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21261\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-21261\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-11T16:07:46.518765Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-11T16:08:48.683Z\"}}], \"cna\": {\"title\": \"Microsoft Excel Information Disclosure Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Microsoft 365 Apps for Enterprise\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.1\", \"lessThan\": \"https://aka.ms/OfficeSecurityReleases\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Excel 2016\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0.0\", \"lessThan\": \"16.0.5539.1002\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Office 2019\", \"versions\": [{\"status\": \"affected\", \"version\": \"19.0.0\", \"lessThan\": \"https://aka.ms/OfficeSecurityReleases\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Office LTSC 2021\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.1\", \"lessThan\": \"https://aka.ms/OfficeSecurityReleases\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Office LTSC 2024\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"https://aka.ms/OfficeSecurityReleases\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Office LTSC for Mac 2021\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.1\", \"lessThan\": \"16.106.26020821\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Office LTSC for Mac 2024\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"16.106.26020821\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Office Online Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0.0\", \"lessThan\": \"16.0.10417.20097\", \"versionType\": \"custom\"}]}], \"datePublic\": \"2026-02-10T16:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21261\", \"name\": \"Microsoft Excel Information Disclosure Vulnerability\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125: Out-of-bounds Read\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.0.10417.20097\", \"versionStartIncluding\": \"16.0.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"https://aka.ms/OfficeSecurityReleases\", \"versionStartIncluding\": \"19.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"https://aka.ms/OfficeSecurityReleases\", \"versionStartIncluding\": \"16.0.1\"}, {\"criteria\": \"cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.106.26020821\", \"versionStartIncluding\": \"16.0.1\"}, {\"criteria\": \"cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"https://aka.ms/OfficeSecurityReleases\", \"versionStartIncluding\": \"16.0.1\"}, {\"criteria\": \"cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"https://aka.ms/OfficeSecurityReleases\", \"versionStartIncluding\": \"16.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.106.26020821\", \"versionStartIncluding\": \"16.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.0.5539.1002\", \"versionStartIncluding\": \"16.0.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2026-05-11T18:10:17.060Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-21261\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-11T18:10:17.060Z\", \"dateReserved\": \"2025-12-11T21:02:05.737Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2026-02-10T17:51:37.088Z\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

BDU:2026-01810

Vulnerability from fstec - Published: 10.02.2026

Title

Уязвимость редактора электронных таблиц Microsoft Excel пакетов программ Microsoft Office и Microsoft 365 Apps for Enterprise, позволяющая нарушителю раскрыть защищаемую информацию

Description

Уязвимость редактора электронных таблиц Microsoft Excel пакетов программ Microsoft Office и Microsoft 365 Apps for Enterprise связана с чтением за границами буфера в памяти. Эксплуатация уязвимости может позволить нарушителю раскрыть защищаемую информацию

Severity


                    
                      AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Vendor

Microsoft Corp

Software Name

Microsoft Office 2019, Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024, Microsoft Excel 2016, Office Online Server

Software Version

- (Microsoft Office 2019), - (Microsoft 365 Apps for Enterprise), - (Microsoft Office LTSC 2021), - (Microsoft Office LTSC 2024), до 16.106.26020821 (Microsoft Office LTSC 2024), до 16.106.26020821 (Microsoft Office LTSC 2021), до 16.0.5539.1002 (Microsoft Excel 2016), до 16.0.10417.20097 (Office Online Server)

Possible Mitigations

Использование рекомендаций производителя: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21261

Reference

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21261

CWE

CWE-125

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
  "CVSS 3.0": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Microsoft Office 2019), - (Microsoft 365 Apps for Enterprise), - (Microsoft Office LTSC 2021), - (Microsoft Office LTSC 2024), \u0434\u043e 16.106.26020821 (Microsoft Office LTSC 2024), \u0434\u043e 16.106.26020821 (Microsoft Office LTSC 2021), \u0434\u043e 16.0.5539.1002 (Microsoft Excel 2016), \u0434\u043e 16.0.10417.20097 (Office Online Server)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21261",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "10.02.2026",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.02.2026",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "16.02.2026",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2026-01810",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2026-21261",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Microsoft Office 2019, Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024, Microsoft Excel 2016, Office Online Server",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u0430 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u044b\u0445 \u0442\u0430\u0431\u043b\u0438\u0446 Microsoft Excel \u043f\u0430\u043a\u0435\u0442\u043e\u0432 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c Microsoft Office \u0438 Microsoft 365 Apps for Enterprise, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u0430 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u044b\u0445 \u0442\u0430\u0431\u043b\u0438\u0446 Microsoft Excel \u043f\u0430\u043a\u0435\u0442\u043e\u0432 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c Microsoft Office \u0438 Microsoft 365 Apps for Enterprise \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21261",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,9)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)"
}

CERTFR-2026-AVI-0149

Vulnerability from certfr_avis - Published: 2026-02-11 - Updated: 2026-02-11

De multiples vulnérabilités ont été découvertes dans Microsoft Office. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Microsoft indique que la vulnérabilité CVE-2026-21514 est activement exploitée.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Excel 2016 (édition 64 bits) versions antérieures à 16.0.5539.1002
Microsoft	N/A	Microsoft Excel 2016 (édition 32 bits) versions antérieures à 16.0.5539.1002
Microsoft	N/A	Microsoft Office LTSC 2024 pour éditions 64 bits
Microsoft	N/A	Microsoft Outlook 2016 (édition 64 bits) versions antérieures à 16.0.5539.1002
Microsoft	N/A	Microsoft Office LTSC 2021 pour éditions 32 bits
Microsoft	N/A	Microsoft Office 2019 pour éditions 32 bits
Microsoft	N/A	Microsoft 365 Apps pour Enterprise pour systèmes 32 bits
Microsoft	N/A	Microsoft Office 2019 pour éditions 64 bits
Microsoft	N/A	Microsoft Office LTSC 2024 pour éditions 32 bits
Microsoft	N/A	Microsoft Outlook 2016 (édition 32 bits) versions antérieures à 16.0.5539.1002
Microsoft	N/A	Microsoft Word 2016 (édition 32 bits) versions antérieures à 16.0.5539.1002
Microsoft	N/A	Microsoft Word 2016 (édition 64 bits) versions antérieures à 16.0.5539.1002
Microsoft	N/A	Microsoft Office LTSC 2021 pour éditions 64 bits
Microsoft	N/A	Microsoft Office LTSC pour Mac 2021 versions antérieures à 16.106.26020821
Microsoft	N/A	Microsoft 365 Apps pour Enterprise pour systèmes 64 bits
Microsoft	N/A	Microsoft Office LTSC pour Mac 2024 versions antérieures à 16.106.26020821
Microsoft	N/A	Office Online Server versions antérieures à 16.0.10417.20097

References

Title

Publication Time

CNVD-2026-12553

Vulnerability from cnvd - Published: 2026-03-04

Title

Microsoft Excel缓冲区溢出漏洞（CNVD-2026-12553）

Description

Microsoft Excel是美国微软（Microsoft）公司的一款Office套件中的电子表格处理软件。 Microsoft Excel存在缓冲区溢出漏洞。该漏洞源于程序未能正确验证输入数据的长度大小，攻击者可利用该漏洞获取敏感信息。

Severity

中

Patch Name

Microsoft Excel缓冲区溢出漏洞（CNVD-2026-12553）的补丁

Patch Description

Microsoft Excel是美国微软（Microsoft）公司的一款Office套件中的电子表格处理软件。 Microsoft Excel存在缓冲区溢出漏洞。该漏洞源于程序未能正确验证输入数据的长度大小，攻击者可利用该漏洞获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21261

Reference

https://nvd.nist.gov/vuln/detail/CVE-2026-21261

Impacted products

Name
['Microsoft Excel 2016', 'Microsoft Office Online Server', 'Microsoft Office 2019', 'Microsoft 365 Apps for Enterprise', 'Microsoft Office LTSC 2021', 'Microsoft Office LTSC for Mac 2021', 'Microsoft Microsoft Office LTSC 2024', 'Microsoft Office LTSC for Mac 2024']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2026-21261",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2026-21261"
    }
  },
  "description": "Microsoft Excel\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u6b3eOffice\u5957\u4ef6\u4e2d\u7684\u7535\u5b50\u8868\u683c\u5904\u7406\u8f6f\u4ef6\u3002\n\nMicrosoft Excel\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1\u8f93\u5165\u6570\u636e\u7684\u957f\u5ea6\u5927\u5c0f\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21261",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-12553",
  "openTime": "2026-03-04",
  "patchDescription": "Microsoft Excel\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u6b3eOffice\u5957\u4ef6\u4e2d\u7684\u7535\u5b50\u8868\u683c\u5904\u7406\u8f6f\u4ef6\u3002\r\n\r\nMicrosoft Excel\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1\u8f93\u5165\u6570\u636e\u7684\u957f\u5ea6\u5927\u5c0f\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Excel\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2026-12553\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Excel 2016",
      "Microsoft Office Online Server",
      "Microsoft Office 2019",
      "Microsoft 365 Apps for Enterprise",
      "Microsoft Office LTSC 2021",
      "Microsoft Office LTSC for Mac 2021",
      "Microsoft Microsoft Office LTSC 2024",
      "Microsoft Office LTSC for Mac 2024"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2026-21261",
  "serverity": "\u4e2d",
  "submitTime": "2026-03-02",
  "title": "Microsoft Excel\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2026-12553\uff09"
}

FKIE_CVE-2026-21261

Vulnerability from fkie_nvd - Published: 2026-02-10 18:16 - Updated: 2026-02-11 19:08

Severity

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

References

	URL	Tags
	secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21261	Vendor Advisory

Impacted products

Vendor	Product	Version
microsoft	365_apps	-
microsoft	365_apps	-
microsoft	excel	2016
microsoft	excel	2016
microsoft	office	2019
microsoft	office	2019
microsoft	office_long_term_servicing_channel	2021
microsoft	office_long_term_servicing_channel	2024
microsoft	office_long_term_servicing_channel	2024
microsoft	office_long_term_servicing_channel	2024
microsoft	office_long_term_servicing_channel	2024
microsoft	office_long_term_servicing_channel	2024
microsoft	office_online_server	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*",
              "matchCriteriaId": "3259EBFE-AE2D-48B8-BE9A-E22BBDB31378",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*",
              "matchCriteriaId": "CD25F492-9272-4836-832C-8439EBE64CCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*",
              "matchCriteriaId": "CD88F667-6773-4DB7-B6C3-9C7B769C0808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*",
              "matchCriteriaId": "B342EF98-B414-44D0-BAFB-FCA24294EECE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*",
              "matchCriteriaId": "CF5DDD09-902E-4881-98D0-CB896333B4AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*",
              "matchCriteriaId": "26A3B226-5D7C-4556-9350-5222DC8EFC2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*",
              "matchCriteriaId": "BF0E8112-5B6F-4E55-8E40-38ADCF6FC654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:*:x64:*",
              "matchCriteriaId": "C461C8D7-D6DC-47E2-BF64-0872A4D24E43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:*:x86:*",
              "matchCriteriaId": "875BEC9A-6123-48A9-8B89-88AEA8422B89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*",
              "matchCriteriaId": "D31E509A-0B2E-4B41-88C4-0099E800AFE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*",
              "matchCriteriaId": "017A7041-BEF1-4E4E-AC8A-EFC6AFEB01FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:macos:*:*",
              "matchCriteriaId": "EF3E56B5-E6A6-4061-9380-D421E52B9199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0213E443-C4CD-41DC-9C07-B2D85B284389",
              "versionEndExcluding": "16.0.10417.20097",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally."
    },
    {
      "lang": "es",
      "value": "Lectura fuera de l\u00edmites en Microsoft Office Excel permite a un atacante no autorizado divulgar informaci\u00f3n localmente."
    }
  ],
  "id": "CVE-2026-21261",
  "lastModified": "2026-02-11T19:08:10.653",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-02-10T18:16:28.107",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21261"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Secondary"
    }
  ]
}

GHSA-4J53-HJH6-2XW6

Vulnerability from github – Published: 2026-02-10 18:30 – Updated: 2026-02-10 18:30

Details

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Severity

5.5 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-21261"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-10T18:16:28Z",
    "severity": "MODERATE"
  },
  "details": "Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.",
  "id": "GHSA-4j53-hjh6-2xw6",
  "modified": "2026-02-10T18:30:41Z",
  "published": "2026-02-10T18:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21261"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21261"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

MSRC_CVE-2026-21261

Vulnerability from csaf_microsoft - Published: 2026-02-10 08:00 - Updated: 2026-02-10 08:00

Summary

Microsoft Excel Information Disclosure Vulnerability

Severity

Important

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Customer Action: Required. The vulnerability documented by this CVE requires customer action to resolve.

CVE-2026-21261

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

CWE-125 - Out-of-bounds Read

Affected products

Fixed 13 products

Product	Identifier	Version	Remediation
Microsoft Excel 2016 (32-bit edition) 16.0.5539.1002 Microsoft Excel 2016 (32-bit edition)		16.0.5539.1002
Microsoft Excel 2016 (64-bit edition) 16.0.5539.1002 Microsoft Excel 2016 (64-bit edition)		16.0.5539.1002
Office Online Server 16.0.10417.20097 Office Online Server		16.0.10417.20097
Microsoft Office 2019 for 32-bit editions https://aka.ms/OfficeSecurityReleases Microsoft Office 2019 for 32-bit editions		https://aka.ms/OfficeSecurityReleases
Microsoft Office 2019 for 64-bit editions https://aka.ms/OfficeSecurityReleases Microsoft Office 2019 for 64-bit editions		https://aka.ms/OfficeSecurityReleases
Microsoft 365 Apps for Enterprise for 32-bit Systems https://aka.ms/OfficeSecurityReleases Microsoft 365 Apps for Enterprise for 32-bit Systems		https://aka.ms/OfficeSecurityReleases
Microsoft 365 Apps for Enterprise for 64-bit Systems https://aka.ms/OfficeSecurityReleases Microsoft 365 Apps for Enterprise for 64-bit Systems		https://aka.ms/OfficeSecurityReleases
Microsoft Office LTSC for Mac 2021 16.106.26020821 Microsoft Office LTSC for Mac 2021		16.106.26020821
Microsoft Office LTSC 2021 for 64-bit editions https://aka.ms/OfficeSecurityReleases Microsoft Office LTSC 2021 for 64-bit editions		https://aka.ms/OfficeSecurityReleases
Microsoft Office LTSC 2021 for 32-bit editions https://aka.ms/OfficeSecurityReleases Microsoft Office LTSC 2021 for 32-bit editions		https://aka.ms/OfficeSecurityReleases
Microsoft Office LTSC 2024 for 32-bit editions https://aka.ms/OfficeSecurityReleases Microsoft Office LTSC 2024 for 32-bit editions		https://aka.ms/OfficeSecurityReleases
Microsoft Office LTSC 2024 for 64-bit editions https://aka.ms/OfficeSecurityReleases Microsoft Office LTSC 2024 for 64-bit editions		https://aka.ms/OfficeSecurityReleases
Microsoft Office LTSC for Mac 2024 16.106.26020821 Microsoft Office LTSC for Mac 2024		16.106.26020821

Known affected 13 products

Product	Version	Remediation
Microsoft Office LTSC for Mac 2024 <16.106.26020821 Microsoft Office LTSC for Mac 2024	<16.106.26020821	Vendor Fix fix
Microsoft Office LTSC 2024 for 64-bit editions <https://aka.ms/OfficeSecurityReleases Microsoft Office LTSC 2024 for 64-bit editions	<https://aka.ms/OfficeSecurityReleases	Vendor Fix fix
Microsoft Office LTSC 2024 for 32-bit editions <https://aka.ms/OfficeSecurityReleases Microsoft Office LTSC 2024 for 32-bit editions	<https://aka.ms/OfficeSecurityReleases	Vendor Fix fix
Microsoft Office LTSC 2021 for 32-bit editions <https://aka.ms/OfficeSecurityReleases Microsoft Office LTSC 2021 for 32-bit editions	<https://aka.ms/OfficeSecurityReleases	Vendor Fix fix
Microsoft Office LTSC 2021 for 64-bit editions <https://aka.ms/OfficeSecurityReleases Microsoft Office LTSC 2021 for 64-bit editions	<https://aka.ms/OfficeSecurityReleases	Vendor Fix fix
Microsoft Office LTSC for Mac 2021 <16.106.26020821 Microsoft Office LTSC for Mac 2021	<16.106.26020821	Vendor Fix fix
Microsoft 365 Apps for Enterprise for 64-bit Systems <https://aka.ms/OfficeSecurityReleases Microsoft 365 Apps for Enterprise for 64-bit Systems	<https://aka.ms/OfficeSecurityReleases	Vendor Fix fix
Microsoft 365 Apps for Enterprise for 32-bit Systems <https://aka.ms/OfficeSecurityReleases Microsoft 365 Apps for Enterprise for 32-bit Systems	<https://aka.ms/OfficeSecurityReleases	Vendor Fix fix
Microsoft Office 2019 for 64-bit editions <https://aka.ms/OfficeSecurityReleases Microsoft Office 2019 for 64-bit editions	<https://aka.ms/OfficeSecurityReleases	Vendor Fix fix
Microsoft Office 2019 for 32-bit editions <https://aka.ms/OfficeSecurityReleases Microsoft Office 2019 for 32-bit editions	<https://aka.ms/OfficeSecurityReleases	Vendor Fix fix
Office Online Server <16.0.10417.20097 Office Online Server	<16.0.10417.20097	Vendor Fix fix
Microsoft Excel 2016 (64-bit edition) <16.0.5539.1002 Microsoft Excel 2016 (64-bit edition)	<16.0.5539.1002	Vendor Fix fix
Microsoft Excel 2016 (32-bit edition) <16.0.5539.1002 Microsoft Excel 2016 (32-bit edition)	<16.0.5539.1002	Vendor Fix fix

Threats

Impact Information Disclosure

Exploit Status Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely

References

7 references

URL	Category
https://msrc.microsoft.com/update-guide/vulnerabi…	self
https://msrc.microsoft.com/csaf/advisories/2026/m…	self
https://www.microsoft.com/en-us/msrc/exploitabili…	external
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/update-guide/vulnerabi…	self
https://msrc.microsoft.com/csaf/advisories/2026/m…	self

Acknowledgments

0ccbbf129444eb66344ccafb92b00df4

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "0ccbbf129444eb66344ccafb92b00df4"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      },
      {
        "category": "general",
        "text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
        "title": "Customer Action"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2026-21261 Microsoft Excel Information Disclosure Vulnerability - HTML",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21261"
      },
      {
        "category": "self",
        "summary": "CVE-2026-21261 Microsoft Excel Information Disclosure Vulnerability - CSAF",
        "url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-21261.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Exploitability Index",
        "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Microsoft Excel Information Disclosure Vulnerability",
    "tracking": {
      "current_release_date": "2026-02-10T08:00:00.000Z",
      "generator": {
        "date": "2026-02-17T19:14:15.353Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2026-21261",
      "initial_release_date": "2026-02-10T08:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-02-10T08:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.0.10417.20097",
            "product": {
              "name": "Office Online Server \u003c16.0.10417.20097",
              "product_id": "11"
            }
          },
          {
            "category": "product_version",
            "name": "16.0.10417.20097",
            "product": {
              "name": "Office Online Server 16.0.10417.20097",
              "product_id": "10836"
            }
          }
        ],
        "category": "product_name",
        "name": "Office Online Server"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office 2019 for 32-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "10"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office 2019 for 32-bit editions https://aka.ms/OfficeSecurityReleases",
              "product_id": "11573"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office 2019 for 32-bit editions"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office 2019 for 64-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "9"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office 2019 for 64-bit editions https://aka.ms/OfficeSecurityReleases",
              "product_id": "11574"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office 2019 for 64-bit editions"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft 365 Apps for Enterprise for 32-bit Systems \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "8"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft 365 Apps for Enterprise for 32-bit Systems https://aka.ms/OfficeSecurityReleases",
              "product_id": "11762"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft 365 Apps for Enterprise for 32-bit Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft 365 Apps for Enterprise for 64-bit Systems \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "7"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft 365 Apps for Enterprise for 64-bit Systems https://aka.ms/OfficeSecurityReleases",
              "product_id": "11763"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft 365 Apps for Enterprise for 64-bit Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.106.26020821",
            "product": {
              "name": "Microsoft Office LTSC for Mac 2021 \u003c16.106.26020821",
              "product_id": "6"
            }
          },
          {
            "category": "product_version",
            "name": "16.106.26020821",
            "product": {
              "name": "Microsoft Office LTSC for Mac 2021 16.106.26020821",
              "product_id": "11951"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office LTSC for Mac 2021"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2021 for 64-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "5"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2021 for 64-bit editions https://aka.ms/OfficeSecurityReleases",
              "product_id": "11952"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office LTSC 2021 for 64-bit editions"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2021 for 32-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "4"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2021 for 32-bit editions https://aka.ms/OfficeSecurityReleases",
              "product_id": "11953"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office LTSC 2021 for 32-bit editions"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2024 for 32-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "3"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2024 for 32-bit editions https://aka.ms/OfficeSecurityReleases",
              "product_id": "12420"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office LTSC 2024 for 32-bit editions"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2024 for 64-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "2"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2024 for 64-bit editions https://aka.ms/OfficeSecurityReleases",
              "product_id": "12421"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office LTSC 2024 for 64-bit editions"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.106.26020821",
            "product": {
              "name": "Microsoft Office LTSC for Mac 2024 \u003c16.106.26020821",
              "product_id": "1"
            }
          },
          {
            "category": "product_version",
            "name": "16.106.26020821",
            "product": {
              "name": "Microsoft Office LTSC for Mac 2024 16.106.26020821",
              "product_id": "12440"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office LTSC for Mac 2024"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.0.5539.1002",
            "product": {
              "name": "Microsoft Excel 2016 (32-bit edition) \u003c16.0.5539.1002",
              "product_id": "13"
            }
          },
          {
            "category": "product_version",
            "name": "16.0.5539.1002",
            "product": {
              "name": "Microsoft Excel 2016 (32-bit edition) 16.0.5539.1002",
              "product_id": "10739"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Excel 2016 (32-bit edition)"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.0.5539.1002",
            "product": {
              "name": "Microsoft Excel 2016 (64-bit edition) \u003c16.0.5539.1002",
              "product_id": "12"
            }
          },
          {
            "category": "product_version",
            "name": "16.0.5539.1002",
            "product": {
              "name": "Microsoft Excel 2016 (64-bit edition) 16.0.5539.1002",
              "product_id": "10740"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Excel 2016 (64-bit edition)"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-21261",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "general",
          "text": "Microsoft",
          "title": "Assigning CNA"
        },
        {
          "category": "faq",
          "text": "No, the Preview Pane is not an attack vector.",
          "title": "Is the Preview Pane an attack vector for this vulnerability?"
        },
        {
          "category": "faq",
          "text": "An attacker must send a user a malicious Office file and convince them to open it.",
          "title": "According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?"
        },
        {
          "category": "faq",
          "text": "An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.",
          "title": "What type of information could be disclosed by this vulnerability?"
        }
      ],
      "product_status": {
        "fixed": [
          "10739",
          "10740",
          "10836",
          "11573",
          "11574",
          "11762",
          "11763",
          "11951",
          "11952",
          "11953",
          "12420",
          "12421",
          "12440"
        ],
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11",
          "12",
          "13"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-21261 Microsoft Excel Information Disclosure Vulnerability - HTML",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21261"
        },
        {
          "category": "self",
          "summary": "CVE-2026-21261 Microsoft Excel Information Disclosure Vulnerability - CSAF",
          "url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-21261.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-10T08:00:00.000Z",
          "details": "16.0.10417.20097:Security Update:https://support.microsoft.com/help/5002835",
          "product_ids": [
            "11"
          ],
          "url": "https://support.microsoft.com/help/5002835"
        },
        {
          "category": "vendor_fix",
          "date": "2026-02-10T08:00:00.000Z",
          "details": "https://aka.ms/OfficeSecurityReleases:Security Update:https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates",
          "product_ids": [
            "10",
            "9",
            "8",
            "7",
            "5",
            "4",
            "3",
            "2"
          ],
          "url": "https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates"
        },
        {
          "category": "vendor_fix",
          "date": "2026-02-10T08:00:00.000Z",
          "details": "16.106.26020821:Security Update:https://go.microsoft.com/fwlink/p/?linkid=831049",
          "product_ids": [
            "6",
            "1"
          ],
          "url": "https://go.microsoft.com/fwlink/p/?linkid=831049"
        },
        {
          "category": "vendor_fix",
          "date": "2026-02-10T08:00:00.000Z",
          "details": "16.0.5539.1002:Security Update:https://support.microsoft.com/help/5002837",
          "product_ids": [
            "13",
            "12"
          ],
          "url": "https://support.microsoft.com/help/5002837"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 4.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Information Disclosure"
        },
        {
          "category": "exploit_status",
          "details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely"
        }
      ],
      "title": "Microsoft Excel Information Disclosure Vulnerability"
    }
  ]
}

NCSC-2026-0058

Vulnerability from csaf_ncscnl - Published: 2026-02-10 19:11 - Updated: 2026-02-10 19:11

Summary

Kwetsbaarheden verholpen in Microsoft Office

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: Microsoft heeft kwetsbaarheden verholpen in Office componenten.

Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om beveiligingsmaatregelen te omzeilen, zoch voor te doen als andere gebruiker en zich zo verhoogde rechten toe te kennen en toegang te krijgen tot gevoelige gegevens. Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden en malafide bestand te openen of link te volgen. Van de kwetsbaarheid met kenmerk CVE-2026-21511 meldt Microsoft informatie te hebben dat deze besproken wordt op fora. De kwetsbaarheid stelt een kwaadwillende in staat om middels een malafide bericht een NTLM-authenticatie te initiëren naar een server onder controle van de kwaadwillende, waarmee de kwaadwillende authenticatiegegevens kan bemachtigen. Er is (nog) geen publieke Proof-of-Concept-code beschikbaar en misbruik vereist een speciaal ingerichte server. Grootschalig misbruik is hiermee niet waarschijnlijk. ``` Microsoft Office Word: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21514 | 7.80 | Omzeilen van beveiligingsmaatregel | |----------------|------|-------------------------------------| Microsoft Office Excel: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21259 | 7.30 | Verkrijgen van verhoogde rechten | | CVE-2026-21258 | 5.50 | Toegang tot gevoelige gegevens | | CVE-2026-21261 | 5.50 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Microsoft Office Outlook: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21260 | 7.50 | Voordoen als andere gebruiker | | CVE-2026-21511 | 7.50 | Voordoen als andere gebruiker | |----------------|------|-------------------------------------| ```

Oplossingen: Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op: https://portal.msrc.microsoft.com/en-us/security-guidance

Kans: medium

Schade: high

CWE-20: Improper Input Validation

CWE-122: Heap-based Buffer Overflow

CWE-125: Out-of-bounds Read

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE-502: Deserialization of Untrusted Data

CWE-807: Reliance on Untrusted Inputs in a Security Decision

CVE-2026-21259

A heap-based buffer overflow vulnerability in Microsoft Office Excel allows unauthorized attackers to locally elevate their privileges.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 25 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*

CVE-2026-21258

Improper input validation in Microsoft Office Excel can allow unauthorized attackers to locally disclose sensitive information.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

CWE-125 - Out-of-bounds Read

Affected products

Known affected 25 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*

CVE-2026-21261

An out-of-bounds read vulnerability in Microsoft Office Excel allows unauthorized attackers to locally disclose sensitive information.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

CWE-125 - Out-of-bounds Read

Affected products

Known affected 25 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*

CVE-2026-21260

A vulnerability in Microsoft Office Outlook allows unauthorized attackers to exploit sensitive information, facilitating spoofing attacks over a network.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 25 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*

CVE-2026-21511

Deserialization of untrusted data in Microsoft Office Outlook can allow attackers to execute spoofing attacks over a network.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

CWE-502 - Deserialization of Untrusted Data

Affected products

Known affected 25 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*

CVE-2026-21514

Microsoft Office Word contains a vulnerability that allows unauthorized attackers to elevate privileges locally by exploiting untrusted inputs in security decisions.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

CWE-807 - Reliance on Untrusted Inputs in a Security Decision

Affected products

Known affected 25 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Outlook 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Word 2016 (32-bit edition)		vers:unknown/*

References

6 references

URL	Category
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Microsoft heeft kwetsbaarheden verholpen in Office componenten.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om beveiligingsmaatregelen te omzeilen, zoch voor te doen als andere gebruiker en zich zo verhoogde rechten toe te kennen en toegang te krijgen tot gevoelige gegevens.\n\nVoor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden en malafide bestand te openen of link te volgen.\n\nVan de kwetsbaarheid met kenmerk CVE-2026-21511 meldt Microsoft informatie te hebben dat deze besproken wordt op fora. De kwetsbaarheid stelt een kwaadwillende in staat om middels een malafide bericht een NTLM-authenticatie te initi\u00ebren naar een server onder controle van de kwaadwillende, waarmee de kwaadwillende authenticatiegegevens kan bemachtigen. Er is (nog) geen publieke Proof-of-Concept-code beschikbaar en misbruik vereist een speciaal ingerichte server. Grootschalig misbruik is hiermee niet waarschijnlijk.\n\n```\nMicrosoft Office Word: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-21514 | 7.80 | Omzeilen van beveiligingsmaatregel  | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office Excel: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-21259 | 7.30 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-21258 | 5.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-21261 | 5.50 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office Outlook: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-21260 | 7.50 | Voordoen als andere gebruiker       | \n| CVE-2026-21511 | 7.50 | Voordoen als andere gebruiker       | \n|----------------|------|-------------------------------------|\n```",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Heap-based Buffer Overflow",
        "title": "CWE-122"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "Deserialization of Untrusted Data",
        "title": "CWE-502"
      },
      {
        "category": "general",
        "text": "Reliance on Untrusted Inputs in a Security Decision",
        "title": "CWE-807"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "title": "Kwetsbaarheden verholpen in Microsoft Office",
    "tracking": {
      "current_release_date": "2026-02-10T19:11:42.825147Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2026-0058",
      "initial_release_date": "2026-02-10T19:11:42.825147Z",
      "revision_history": [
        {
          "date": "2026-02-10T19:11:42.825147Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft 365 Apps for Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft 365 Apps for Enterprise for 32-bit Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft 365 Apps for Enterprise for 64-bit Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-4"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Excel 2016"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-5"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Excel 2016 (32-bit edition)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-6"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Excel 2016 (64-bit edition)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-7"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office 2019"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-8"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office 2019 for 32-bit editions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-9"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office 2019 for 64-bit editions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-10"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC 2021"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-11"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC 2021 for 32-bit editions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-12"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC 2021 for 64-bit editions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-13"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC 2024"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-14"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC 2024 for 32-bit editions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-15"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC 2024 for 64-bit editions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-16"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC for Mac 2021"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-17"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC for Mac 2024"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-18"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Outlook 2016"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-19"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Outlook 2016 (32-bit edition)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-20"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Outlook 2016 (64-bit edition)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-21"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft SharePoint Enterprise Server 2016"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-22"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft SharePoint Server 2019"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-23"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft SharePoint Server Subscription Edition"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-24"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Word 2016"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-25"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Word 2016 (32-bit edition)"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-21259",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "description",
          "text": "A heap-based buffer overflow vulnerability in Microsoft Office Excel allows unauthorized attackers to locally elevate their privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-21259 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21259.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25"
          ]
        }
      ],
      "title": "CVE-2026-21259"
    },
    {
      "cve": "CVE-2026-21258",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "description",
          "text": "Improper input validation in Microsoft Office Excel can allow unauthorized attackers to locally disclose sensitive information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-21258 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21258.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25"
          ]
        }
      ],
      "title": "CVE-2026-21258"
    },
    {
      "cve": "CVE-2026-21261",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "An out-of-bounds read vulnerability in Microsoft Office Excel allows unauthorized attackers to locally disclose sensitive information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-21261 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21261.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25"
          ]
        }
      ],
      "title": "CVE-2026-21261"
    },
    {
      "cve": "CVE-2026-21260",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "description",
          "text": "A vulnerability in Microsoft Office Outlook allows unauthorized attackers to exploit sensitive information, facilitating spoofing attacks over a network.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-21260 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21260.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25"
          ]
        }
      ],
      "title": "CVE-2026-21260"
    },
    {
      "cve": "CVE-2026-21511",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        },
        {
          "category": "description",
          "text": "Deserialization of untrusted data in Microsoft Office Outlook can allow attackers to execute spoofing attacks over a network.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-21511 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21511.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25"
          ]
        }
      ],
      "title": "CVE-2026-21511"
    },
    {
      "cve": "CVE-2026-21514",
      "cwe": {
        "id": "CWE-807",
        "name": "Reliance on Untrusted Inputs in a Security Decision"
      },
      "notes": [
        {
          "category": "other",
          "text": "Reliance on Untrusted Inputs in a Security Decision",
          "title": "CWE-807"
        },
        {
          "category": "description",
          "text": "Microsoft Office Word contains a vulnerability that allows unauthorized attackers to elevate privileges locally by exploiting untrusted inputs in security decisions.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-21514 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21514.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25"
          ]
        }
      ],
      "title": "CVE-2026-21514"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-21261 (GCVE-0-2026-21261)

BDU:2026-01810

CERTFR-2026-AVI-0149

Solutions

CNVD-2026-12553

FKIE_CVE-2026-21261

GHSA-4J53-HJH6-2XW6

MSRC_CVE-2026-21261

NCSC-2026-0058

Tags

Sightings

Nomenclature