Back to KEVs

CVE-2026-21514

Microsoft Word Security Feature Bypass Vulnerability

Basic Information

CVE State
PUBLISHED
Reserved Date
December 30, 2025
Published Date
February 10, 2026
Last Updated
May 11, 2026
Vendor
Microsoft
Product
Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024, Microsoft Office LTSC for Mac 2021, Microsoft Office LTSC for Mac 2024
Description
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
Tags
cisa

CVSS Scores

CVSS v3.1

7.8 - HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2026-06-01 10:50:47 UTC) Source

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514

Known Exploited Vulnerability Information

Source Added Date
CVE 2026-06-01 10:50:47 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel