支持本站 — 捐款将帮助我们持续运营

目标: 1000 元,已筹: 1000

100.0%
立即捐款
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2026-21509 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
Microsoft Office Security Feature Bypass Vulnerability
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.
来源: 美国国家漏洞数据库 NVD
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
在安全决策中依赖未经信任的输入
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Microsoft Office 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Microsoft Office是美国微软(Microsoft)公司的一款办公软件套件产品。该产品常用组件包括Word、Excel、Access、Powerpoint、FrontPage等。 Microsoft Office存在安全漏洞,该漏洞源于安全决策依赖不可信输入,可能导致本地攻击者绕过安全功能。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
厂商产品影响版本CPE订阅
MicrosoftMicrosoft 365 Apps for Enterprise 16.0.1 ~ https://aka.ms/OfficeSecurityReleases -
MicrosoftMicrosoft Office 2016 16.0.0 ~ 16.0.5539.1001 -
MicrosoftMicrosoft Office 2019 19.0.0 ~ 16.0.10417.20095 -
MicrosoftMicrosoft Office LTSC 2021 16.0.1 ~ https://aka.ms/OfficeSecurityReleases -
MicrosoftMicrosoft Office LTSC 2024 16.0.0 ~ https://aka.ms/OfficeSecurityReleases -
二、漏洞 CVE-2026-21509 的公开POC
#POC 描述源链接神龙链接
1CVE-2026-21509https://github.com/kimstars/Ashwesker-CVE-2026-21509POC详情
2Educational PoC for CVE‑2026‑21509 (Microsoft Office security feature bypass). Generates a harmless DOCX with dummy OLE artifacts to study EDR/AV visibility. Not an exploit. For isolated labs only; see README for 7‑Zip inspection steps and mitigation references.https://github.com/gavz/CVE-2026-21509-PoCPOC详情
3Powershell script with Detection and Remediation for CVE-2026-21509https://github.com/ksk-itdk/KSK-ITDK-CVE-2026-21509-MitigationPOC详情
4New Physics Disclosure This repository contains a full weaponized exploit for **CVE-2026-21509**, targeting the Windows Network File System (NFSv4.1) kernel-mode driver (`nfssvr.sys`). https://github.com/SimoesCTT/CTT-NFS-Vortex-RCEPOC详情
5Microsoft just released emergency patches for CVE-2026-21509, a zero-day in the Office Suite that bypasses OLE/COM mitigations when a user simply opens a file. They think their "Service-side change" for Office 2021+ is a solid wall. https://github.com/SimoesCTT/SCTT-2026-33-0007-The-OLE-Vortex-Laminar-Bypass-POC详情
6CVE-2026-21509 is a critical bypass in the Microsoft Office OLE (Object Linking and Embedding) validation engine. While standard "laminar" exploits attempt to manipulate static COM objects, this repository utilizes Theorem 4.2 to achieve a speculative race-condition bypass of the Object Definition Rule (ODR).https://github.com/SimoesCTT/CTT-MICROSOFT-OFFICE-OLE-MANIFOLD-BYPASS-CVE-2026-21509POC详情
7YARA rule and python script to detect potential exploits for the CVE-2026-21509 vulnerability in MS Officehttps://github.com/decalage2/detect_CVE-2026-21509POC详情
8Nonehttps://github.com/kaizensecurity/CVE-2026-21509POC详情
9CVE-2026-21509 Mitigationhttps://github.com/planetoid/cve-2026-21509-mitigationPOC详情
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC
三、漏洞 CVE-2026-21509 的情报信息
Please 登录 to view more intelligence information
四、漏洞 CVE-2026-21509 的评论

暂无评论

发表评论