Microsoft Releases Emergency Patch for Actively Exploited Zero-Day Vulnerability in Office
Microsoftzero-dayvulnerabilitysecurity patchOfficeCVE-2026-21509CVSScybersecurityexploit
Microsoft released out-of-band security patches on Monday for a high-severity zero-day vulnerability in Microsoft Office that is being actively exploited. The vulnerability, identified as CVE-2026-21509, has a CVSS score of 7.8 out of 10.0. It is described as a security feature bypass in Microsoft Office, caused by reliance on untrusted inputs in a security decision, allowing unauthorized actions.