cbcvebase.
CVE-2026-21258
published 2026-02-10

CVE-2026-21258: Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

medium5.5CVSS 3.1
AVLACLPRNUIRSUCHINAN
Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Affected

25 ranges
VendorProductVersion rangeFixed in
microsoftexcel
microsoftmicrosoft_365_apps_for_enterprise>= 16.0.1 < https://aka.ms/OfficeSecurityReleaseshttps://aka.ms/OfficeSecurityReleases
microsoftmicrosoft_excel_2016>= 16.0.0.0 < 16.0.5539.100216.0.5539.1002
microsoftmicrosoft_office_2019>= 19.0.0 < https://aka.ms/OfficeSecurityReleaseshttps://aka.ms/OfficeSecurityReleases
microsoftmicrosoft_office_ltsc_2021>= 16.0.1 < https://aka.ms/OfficeSecurityReleaseshttps://aka.ms/OfficeSecurityReleases
microsoftmicrosoft_office_ltsc_2024>= 16.0.0 < https://aka.ms/OfficeSecurityReleaseshttps://aka.ms/OfficeSecurityReleases
microsoftmicrosoft_office_ltsc_for_mac_2021>= 16.0.1 < 16.106.2602082116.106.26020821
microsoftmicrosoft_office_ltsc_for_mac_2024>= 16.0.0 < 16.106.2602082116.106.26020821
microsoftoffice
microsoftoffice_long_term_servicing_channel
microsoftoffice_long_term_servicing_channel
microsoftoffice_online_server< 16.0.10417.2009716.0.10417.20097
microsoftoffice_online_server>= 16.0.0.0 < 16.0.10417.2009716.0.10417.20097
msrcmicrosoft_365_apps_for_enterprise_for_32-bit_systems
msrcmicrosoft_365_apps_for_enterprise_for_64-bit_systems
msrcmicrosoft_excel_2016
msrcmicrosoft_office_2019_for_32-bit_editions
msrcmicrosoft_office_2019_for_64-bit_editions
msrcmicrosoft_office_ltsc_2021_for_32-bit_editions
msrcmicrosoft_office_ltsc_2021_for_64-bit_editions
msrcmicrosoft_office_ltsc_2024_for_32-bit_editions
msrcmicrosoft_office_ltsc_2024_for_64-bit_editions
msrcmicrosoft_office_ltsc_for_mac_2021
msrcmicrosoft_office_ltsc_for_mac_2024
msrcoffice_online_server