VDB

CVE-2026-21264

CVE-2026-21264 PUBLISHED CVSS 9.300000190734863 CRITICAL

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Account allows an unauthorized attacker to perform spoofing over a network.

EPSS 0.08% · 23.3th percentile

Risk Scores

CVSS 3.1
9.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C
EPSS Score
0.08%
23.3th percentile

Affected Products

VendorProductVersions
microsoftmicrososft_account-, -
MicrosoftMicrosoft Account-, -
microsoftaccount

Timeline

  • Jan 13, 2026 CVE Published
  • Jan 22, 2026 PoC Published
  • Jan 23, 2026 EPSS Score
  • Jan 23, 2026 PoC Published
  • Jan 26, 2026 EPSS Score
  • Jan 28, 2026 EPSS Score
  • Jan 31, 2026 EPSS Score
  • Feb 3, 2026 EPSS Score
  • Feb 5, 2026 EPSS Score
  • Feb 8, 2026 EPSS Score
  • Feb 11, 2026 EPSS Score
  • Feb 13, 2026 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›