CVE-2026-21514 - Vulnerability Details

Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since yesterday.

No EPSS score available.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Microsoft	365 Apps Office 2021 Office 2024 Office Macos 2021 Office Macos 2024

No data.

References

Link	Providers
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21514

History

Tue, 10 Feb 2026 20:15:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21514
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 10 Feb 2026 19:00:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2026-02-10T00:00:00+00:00', 'dueDate': '2026-03-03T00:00:00+00:00'}`

Tue, 10 Feb 2026 18:15:00 +0000

Type	Values Removed	Values Added
Description		Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
Title		Microsoft Word Security Feature Bypass Vulnerability
First Time appeared		Microsoft Microsoft 365 Apps Microsoft office 2021 Microsoft office 2024 Microsoft office Macos 2021 Microsoft office Macos 2024
Weaknesses		CWE-807
CPEs		cpe:2.3:a:microsoft:365_apps:::::enterprise:::* cpe:2.3:a:microsoft:office_2021:::::long_term_servicing_channel:::* cpe:2.3:a:microsoft:office_2024:::::long_term_servicing_channel:::* cpe:2.3:a:microsoft:office_macos_2021::::::long_term_servicing_channel::* cpe:2.3:a:microsoft:office_macos_2024::::::long_term_servicing_channel::*
Vendors & Products		Microsoft Microsoft 365 Apps Microsoft office 2021 Microsoft office 2024 Microsoft office Macos 2021 Microsoft office Macos 2024
References		https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C'}`

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2026-02-10T17:51:34.153Z

Updated: 2026-02-10T23:20:25.940Z

Reserved: 2025-12-30T18:10:54.845Z

Link: CVE-2026-21514

Vulnrichment

Updated: 2026-02-10T18:24:47.129Z

NVD

Status : Awaiting Analysis

Published: 2026-02-10T18:16:33.803

Modified: 2026-02-10T21:51:48.077

Link: CVE-2026-21514

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object