CVE-2026-21514 - Vulnerability Details

Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since yesterday.

No EPSS score available.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Microsoft Subscribe	365 Apps Subscribe Office 2021 Subscribe Office 2024 Subscribe Office Macos 2021 Subscribe Office Macos 2024 Subscribe

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21514

History

Tue, 10 Feb 2026 20:15:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21514
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 10 Feb 2026 19:00:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2026-02-10T00:00:00+00:00', 'dueDate': '2026-03-03T00:00:00+00:00'}`

Tue, 10 Feb 2026 18:15:00 +0000

Type	Values Removed	Values Added
Description		Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
Title		Microsoft Word Security Feature Bypass Vulnerability
First Time appeared		Microsoft Microsoft 365 Apps Microsoft office 2021 Microsoft office 2024 Microsoft office Macos 2021 Microsoft office Macos 2024
Weaknesses		CWE-807
CPEs		cpe:2.3:a:microsoft:365_apps:::::enterprise:::* cpe:2.3:a:microsoft:office_2021:::::long_term_servicing_channel:::* cpe:2.3:a:microsoft:office_2024:::::long_term_servicing_channel:::* cpe:2.3:a:microsoft:office_macos_2021::::::long_term_servicing_channel::* cpe:2.3:a:microsoft:office_macos_2024::::::long_term_servicing_channel::*
Vendors & Products		Microsoft Microsoft 365 Apps Microsoft office 2021 Microsoft office 2024 Microsoft office Macos 2021 Microsoft office Macos 2024
References		https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2026-02-10T17:51:34.153Z

Updated: 2026-02-11T01:14:59.773Z

Reserved: 2025-12-30T18:10:54.845Z

Link: CVE-2026-21514

Vulnrichment

Updated: 2026-02-10T18:24:47.129Z

NVD

Status : Awaiting Analysis

Published: 2026-02-10T18:16:33.803

Modified: 2026-02-10T21:51:48.077

Link: CVE-2026-21514

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-807

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object