CVE-2026-21509

Analyzed

Published: 26 Jan 2026, 17:06

Last modified:30 Jan 2026, 03:40

Vulnerability Summary

Overall Risk (default)

medium

32/100

CVSS Score

7.8 HIGH

v3.1 (cve.org)

EPSS Score

2.91% LOW

3% probability 0.00%

KEV

Listed

CISA

1 listing

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

26 Jan 2026, 17:06

Published

Vulnerability first disclosed

26 Jan 2026, 00:00

Added to CISA KEV

Microsoft Office Security Feature Bypass Vulnerability

30 Jan 2026, 03:40

Last Modified

Vulnerability information updated

16 Feb 2026, 00:00

CISA Remediation Due

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

CVSS Metrics

EPSS Trends

Weaknesses (CWE)

KEV Details

Affected Systems

References (2)