VDB

CVE-2026-21261

CVE-2026-21261 PUBLISHED CVSS 5.5 MEDIUM

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

EPSS 0.03% · 9.5th percentile

Risk Scores

CVSS v3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
EPSS Score
0.03%
9.5th percentile

Affected Products

VendorProductVersions
microsoft365_apps16.0.1, 16.0.1
microsoftoffice_long_term_servicing_channel2021, 2021, 2024
microsoftoffice_online_server0, 0, 0
MicrosoftMicrosoft 365 Apps for Enterprise16.0.1, 16.0.1
MicrosoftOffice Online Server16.0.0.0, 16.0.0.0
MicrosoftMicrosoft Office 201919.0.0, 19.0.0
MicrosoftMicrosoft Office LTSC for Mac 202116.0.1, 16.0.1
MicrosoftMicrosoft Office LTSC 202116.0.1, 16.0.1
microsoftoffice2019, 2019, 2019
microsoftexcel2016, 2016, 2016
MicrosoftMicrosoft Office LTSC for Mac 202416.0.0, 16.0.0
microsoftoffice_201919.0.0, 19.0.0
microsoftoffice_202116.0.1, 16.0.0.0, 16.0.1
MicrosoftMicrosoft Excel 201616.0.0.0, 16.0.0.0
microsoftexcel_201616.0.0.0, 16.0.0.0
microsoftoffice_202416.0.0, 16.0.0
microsoftoffice_macos_202116.0.1, 16.0.1
MicrosoftMicrosoft Office LTSC 202416.0.0, 16.0.0
microsoftoffice_macos_202416.0.0, 16.0.0

Timeline

  • Feb 10, 2026 CVE Published
  • Feb 10, 2026 PoC Published
  • Feb 10, 2026 PoC Published
  • Feb 11, 2026 EPSS Score
  • Feb 11, 2026 PoC Published
  • Feb 11, 2026 CVE Updated
  • Feb 13, 2026 EPSS Score
  • Feb 13, 2026 PoC Published
  • Feb 13, 2026 PoC Published
  • Feb 13, 2026 PoC Published
  • Feb 15, 2026 EPSS Score
  • Feb 17, 2026 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›