cbcvebase.
CVE-2026-21260
published 2026-02-10

CVE-2026-21260: Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

Affected

27 ranges· showing 25
VendorProductVersion rangeFixed in
microsoftmicrosoft_365_apps_for_enterprise>= 16.0.1 < https://aka.ms/OfficeSecurityReleaseshttps://aka.ms/OfficeSecurityReleases
microsoftmicrosoft_office_2019>= 19.0.0 < https://aka.ms/OfficeSecurityReleaseshttps://aka.ms/OfficeSecurityReleases
microsoftmicrosoft_office_ltsc_2021>= 16.0.1 < https://aka.ms/OfficeSecurityReleaseshttps://aka.ms/OfficeSecurityReleases
microsoftmicrosoft_office_ltsc_2024>= 16.0.0 < https://aka.ms/OfficeSecurityReleaseshttps://aka.ms/OfficeSecurityReleases
microsoftmicrosoft_outlook_2016>= 16.0.0.0 < 16.0.5539.100216.0.5539.1002
microsoftmicrosoft_sharepoint_enterprise_server_2016>= 16.0.0 < 16.0.5539.100216.0.5539.1002
microsoftmicrosoft_sharepoint_server_2019>= 16.0.0 < 16.0.10417.2009716.0.10417.20097
microsoftmicrosoft_sharepoint_server_subscription_edition>= 16.0.0 < 16.0.19127.2051816.0.19127.20518
microsoftoffice
microsoftoffice_long_term_servicing_channel
microsoftoffice_long_term_servicing_channel
microsoftoutlook
microsoftsharepoint_server< 16.0.19127.2051816.0.19127.20518
microsoftsharepoint_server
microsoftsharepoint_server
msrcmicrosoft_365_apps_for_enterprise_for_32-bit_systems
msrcmicrosoft_365_apps_for_enterprise_for_64-bit_systems
msrcmicrosoft_office_2019_for_32-bit_editions
msrcmicrosoft_office_2019_for_64-bit_editions
msrcmicrosoft_office_ltsc_2021_for_32-bit_editions
msrcmicrosoft_office_ltsc_2021_for_64-bit_editions
msrcmicrosoft_office_ltsc_2024_for_32-bit_editions
msrcmicrosoft_office_ltsc_2024_for_64-bit_editions
msrcmicrosoft_outlook_2016
msrcmicrosoft_sharepoint_enterprise_server_2016