cve 2026 21509

CVE-2026-21509 is a security-feature-bypass vulnerability affecting Microsoft Office. Microsoft has published guidance and an immediate mitigation for this issue, which administrators should apply while patches are rolled out. The vulnerability allows an attacker to cause Office to load or activate a COM/ActiveX control, bypassing security features. The recommended mitigation involves applying a registry kill bit to disable the vulnerable component. This tag covers discussions about the vulnerability, its impact, and step-by-step instructions for implementing the registry-based fix to protect Office installations until an official patch is available.