From ec10260989dbc48b9109e3d05d22beee19cf2333 Mon Sep 17 00:00:00 2001
From: decalage2 <decalage@laposte.net>
Date: Mon, 26 Jan 2026 23:51:36 +0100
Subject: [PATCH] feat(clsid): added CLSID related to CVE-2026-21509

---
 oletools/common/clsid.py | 2 ++
 1 file changed, 2 insertions(+), 0 deletions(-)

diff --git a/oletools/common/clsid.py b/oletools/common/clsid.py
index aa758b4..6757707 100644
--- a/oletools/common/clsid.py
+++ b/oletools/common/clsid.py
@@ -192,6 +192,8 @@ KNOWN_CLSIDS = {
     'E5CA59F5-57C4-4DD8-9BD6-1DEEEDD27AF4': 'InkEd.InkEdit',
     'E8CC4CBE-FDFF-11D0-B865-00A0C9081C1D': 'MSDAORA.1 (potential exploit CVE TODO)', # TODO
     'E8CC4CBF-FDFF-11D0-B865-00A0C9081C1D': 'Loads OCI.DLL (Known Related to CVE-2015-6128)',
+    # Referenced in https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509 :
+    'EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B': 'Shell.Explorer (Known Related to CVE-2026-21509)',
     'ECABAFC6-7F19-11D2-978E-0000F8757E2A': 'New Moniker',
     'ECABAFC9-7F19-11D2-978E-0000F8757E2A': 'Loads MQRT.DLL (Known Related to CVE-2015-6128)',
     'ECABB0C7-7F19-11D2-978E-0000F8757E2A': 'SOAP Moniker (may trigger CVE-2017-8759)',
--
libgit2 0.21.4