CVE-2021-40442

ENISA EUVD: EUVD-2021-27619 ↗

✓ Confirmed 0-Day

Triaged: March 20, 2026 2 articles Published: 2021-11-10

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗

EPSS Score

Source: FIRST.org · 2026-05-23

6.17%

probability

This CVE has a 6.17% probability of being exploited in the next 30 days.

0% Top 90.9th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

7.8

HIGH

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Temporal

Exploit Code Maturity

Unproven

Remediation Level

Official Fix

Report Confidence

Confirmed

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CVSS v2 (legacy)

6.8

MEDIUM

Access Vector

Network

Access Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Description

NVD

Microsoft Excel Remote Code Execution Vulnerability

Affected Products

Microsoft

Microsoft SharePoint Enterprise Server 2013 Service Pack 1

15.0.0

Microsoft

Microsoft Office 2019

19.0.0

Microsoft

Microsoft Office 2019 for Mac

16.0.0

Microsoft

Microsoft Office Online Server

16.0.1

Microsoft

Microsoft 365 Apps for Enterprise

16.0.1

microsoft

365 apps

microsoft

excel

microsoft

office

microsoft

office long term servicing channel

microsoft

office online server

Microsoft

Microsoft Office LTSC for Mac 2021

16.0.1 <16.55.21111400

Microsoft

Microsoft SharePoint Enterprise Server 2013 Service Pack 1

15.0.0 <15.0.5397.1001

Microsoft

Microsoft Office LTSC 2021

16.0.1 <https://aka.ms/OfficeSecurityReleases

Microsoft

Microsoft Excel 2016

16.0.0.0 <16.0.5239.1001

Microsoft

Microsoft Excel 2013 Service Pack 1

15.0.0.0 <15.0.5397.1001

Microsoft

Microsoft Office 2019

19.0.0 <https://aka.ms/OfficeSecurityReleases

Microsoft

Microsoft Office 2019 for Mac

16.0.0 <16.55.21111400

Microsoft

Microsoft Office Online Server

16.0.1 <16.0.10380.20000

Microsoft

Microsoft Office Web Apps Server 2013 Service Pack 1

15.0.1 <15.0.5397.1001

Microsoft

Microsoft 365 Apps for Enterprise

16.0.1 <https://aka.ms/OfficeSecurityReleases

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40442

x_refsource_MISC

Signal Intelligence

Confidenceⓘ

75%

EPSS 6.17%

CVSS v3.1 7.8

Mentions 2

Last Seen Nov 10, 2021

CNA Information

CNA Assigner

microsoft

CNA Title

Microsoft Excel Remote Code Execution Vulnerability

Analyst Note

CVE-2021-40442 is explicitly named as an Excel zero-day in the first article title ('Microsoft patches Excel zero-day used in attacks'), confirming active exploitation before patch availability. The second article's November 2021 Patch Tuesday batch further corroborates the 2021 timeline and vendor response to exploitation.

Triage Info

Decided atMar 20, 2026

Published DateNov 10, 2021