VDB
CVE-2026-21259
CVE-2026-21259
PUBLISHED
CVSS 7.800000190734863 HIGH
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.
EPSS 0.03% · 9.4th percentile
Risk Scores
CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
EPSS Score
0.03%
9.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| microsoft | office_online_server | 0, 0, 0 |
| microsoft | office_2021 | 16.0.1, 16.0.1, 16.0.0.0 |
| microsoft | office | 2019, 2019, 2019 |
| Microsoft | Microsoft 365 Apps for Enterprise | 16.0.1, 16.0.1 |
| microsoft | office_2019 | 19.0.0, 19.0.0 |
| Microsoft | Microsoft Excel 2016 | 16.0.0.0, 16.0.0.0 |
| microsoft | office_2024 | 16.0.0, 16.0.0 |
| microsoft | 365_apps | 16.0.1, 16.0.1 |
| microsoft | excel | 2016, 2016, 2016 |
| Microsoft | Microsoft Office LTSC 2024 | 16.0.0, 16.0.0 |
| microsoft | office_long_term_servicing_channel | 2021, 2024, 2024 |
| Microsoft | Office Online Server | 16.0.0.0, 16.0.0.0 |
| microsoft | excel_2016 | 16.0.0.0, 16.0.0.0 |
| Microsoft | Microsoft Office LTSC 2021 | 16.0.1, 16.0.1 |
| Microsoft | Microsoft Office 2019 | 19.0.0, 19.0.0 |
Exploit Intelligence
- https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1 (msrc)
- CIRCL seen: CVE-2026-21259 (circl-sighting)
- CIRCL seen: CVE-2026-21259 (circl-sighting)
- CIRCL seen: CVE-2026-21259 (circl-sighting)
- CIRCL seen: CVE-2026-21259 (circl-sighting)
- CIRCL seen: CVE-2026-21259 (circl-sighting)
- CIRCL seen: CVE-2026-21259 (circl-sighting)
- CIRCL seen: CVE-2026-21259 (circl-sighting)
- Microsoft Excel Elevation of Privilege Vulnerability (circl)
Timeline
- Feb 10, 2026 CVE Published
- Feb 10, 2026 PoC Published
- Feb 10, 2026 PoC Published
- Feb 11, 2026 EPSS Score
- Feb 11, 2026 PoC Published
- Feb 12, 2026 PoC Published
- Feb 13, 2026 EPSS Score
- Feb 13, 2026 PoC Published
- Feb 13, 2026 PoC Published
- Feb 13, 2026 PoC Published
- Feb 15, 2026 EPSS Score
- Feb 17, 2026 EPSS Score
References
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21259 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21261 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21258 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21260 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21511 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-21259 advisory