VDB
CVE-2026-21258
CVE-2026-21258
PUBLISHED
CVSS 5.5 MEDIUM
Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
EPSS 0.06% · 19.7th percentile
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
EPSS Score
0.06%
19.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| microsoft | office_online_server | 0, 0, 0 |
| Microsoft | Microsoft Office LTSC 2024 | 16.0.0, 16.0.0 |
| Microsoft | Microsoft Office LTSC for Mac 2021 | 16.0.1, 16.0.1 |
| Microsoft | Microsoft Office 2019 | 19.0.0, 19.0.0 |
| Microsoft | Microsoft Excel 2016 | 16.0.0.0, 16.0.0.0 |
| Microsoft | Microsoft Office LTSC for Mac 2024 | 16.0.0, 16.0.0 |
| Microsoft | Microsoft 365 Apps for Enterprise | 16.0.1, 16.0.1 |
| microsoft | excel_2016 | 16.0.0.0, 16.0.0.0 |
| microsoft | office_2021 | 16.0.1, 16.0.1, 16.0.0.0 |
| microsoft | office | 2019, 2019, 2019 |
| microsoft | office_2024 | 16.0.0, 16.0.0 |
| microsoft | office_long_term_servicing_channel | 2024, 2024, 2021 |
| Microsoft | Microsoft Office LTSC 2021 | 16.0.1, 16.0.1 |
| microsoft | excel | 2016, 2016, 2016 |
| Microsoft | Office Online Server | 16.0.0.0, 16.0.0.0 |
| microsoft | office_2019 | 19.0.0, 19.0.0 |
| microsoft | 365_apps | 16.0.1, 16.0.1 |
| microsoft | office_macos_2021 | 16.0.1, 16.0.1 |
| microsoft | office_macos_2024 | 16.0.0, 16.0.0 |
Exploit Intelligence
- https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1 (msrc)
- CIRCL seen: CVE-2026-21258 (circl-sighting)
- CIRCL seen: CVE-2026-21258 (circl-sighting)
- CIRCL seen: CVE-2026-21258 (circl-sighting)
- CIRCL seen: CVE-2026-21258 (circl-sighting)
- CIRCL seen: CVE-2026-21258 (circl-sighting)
- CIRCL seen: CVE-2026-21258 (circl-sighting)
- Microsoft Excel Information Disclosure Vulnerability (circl)
Timeline
- Feb 10, 2026 CVE Published
- Feb 10, 2026 PoC Published
- Feb 10, 2026 PoC Published
- Feb 11, 2026 EPSS Score
- Feb 11, 2026 PoC Published
- Feb 11, 2026 CVE Updated
- Feb 13, 2026 EPSS Score
- Feb 13, 2026 PoC Published
- Feb 13, 2026 PoC Published
- Feb 13, 2026 PoC Published
- Feb 15, 2026 EPSS Score
- Feb 17, 2026 EPSS Score
References
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21259 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21261 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21258 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21260 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21511 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-21258 advisory