VDB

GCVE-VVD-NCSC-2026-39

GCVE-VVD-NCSC-2026-39
Advisory PublishedCVSS 7.8/10
Vulnetix · Advisory published January 27, 2026
Microsoft Office has a vulnerability that allows unauthorized attackers to locally bypass security features by exploiting untrusted inputs in security decisions.
Download JSON Open in Console

Weaknesses (CWE)

CWE-807Reliance on Untrusted Inputs in a Security Decision

Risk Scores

CVSS 3.1
7.8/10
High · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Affected Products

VendorProductVersionsPlatforms
Microsoftvers:unknown/*

Aliases

CVE-2026-21509

Transitive aliases

VVD-CISA-2026-21509NCSC-2026-0039BDU:2026-00828MSRC_CVE-2026-21509GHSA-ch84-h92g-mw93CNVD-2026-16161EUVD-2026-4666VVD-CESS-2026-21509

References

advisory
advisory
advisory

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›