🟢 CVE-2026-21514

Security feature bypass vulnerability in Microsoft Word that allows attackers to bypass security protections when users open malicious documents. Requires local access and user interaction, making it unsuitable for direct internet exploitation despite being in CISA KEV.

Risk Level: LOW_RISK
CVSS Score: 7.8
Attack Vector: LOCAL
ATT&CK Tactic: Execution
ATT&CK Technique: T1203 — Exploitation for Client Execution
Deployment Risk: VERY_LOW
Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: USER_INTERACTION

CVE Published: 2026-02-10

Added to CISA KEV: 2026-02-10 (0 days between CVE publication and KEV listing)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2026-21514 is a high-severity security feature bypass vulnerability in Microsoft Office Word that was disclosed on February 10, 2026 [3].

Vulnerability Overview
The vulnerability stems from a reliance on untrusted inputs when making security decisions (CWE-807) within Microsoft Word [1] [4]. Specifically, it allows attackers to bypass critical Object Linking and Embedding (OLE) security mitigations [6] [7].
Key Details
Active Exploitation: Yes; the vulnerability was reported as being actively exploited in the wild at the time of its disclosure [5] [3]
Attack Method: Local exploitation; typically requires a user to open a specially crafted malicious document [1] [4]
Impact: Allows bypassing security features, which can facilitate the execution of code or content that would otherwise be blocked by security policies [4]
CVSS Score: 7.8 (Base) [3]
Patch Status: Addressed via Microsoft’s February 2026 Patch Tuesday updates [2]
Additional Context
  • Threat Actor Usage: While the vulnerability was actively exploited in the wild, specific details regarding the threat actors or specific ransomware campaigns utilizing this flaw were not widely attributed in public reports at the time of disclosure.
  • Exploitation Requirements: Successful exploitation generally requires the target to interact with a malicious file (e.g., opening a document), making it a common vector for phishing or social engineering attacks.
  • Mitigation: Users and organizations were advised to apply the February 2026 security updates provided by Microsoft to mitigate the risk of exploitation [2].

Sources

  1. February 2026 Patch Tuesday: Updates and Analysis | CrowdStrike

    Actively Exploited and Publicly Disclosed Zero-Day Vulnerability in Microsoft Word. CVE-2026-21514 is an Important security feature bypass ...

  2. CVE-2026-21514 Detail - NVD

    Description. Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.

  3. Microsoft Office Word 0-day Vulnerability Actively Exploited in the Wild

    A critical zero-day vulnerability in Microsoft Word, tracked as CVE-2026-21514, was disclosed on February 10, 2026, allowing attackers to bypass essential security protections. This flaw has been actively exploited in the wild and carries a CVSS 3.1 base score of 7.8, with a temporal score of 7.2. C…

  4. CVE-2026-21514 - Vulnerability Details - OpenCVE

    The CVE entry describes a flaw in Microsoft Word that arises when the application processes untrusted input in a security decision. The vulnerability allows an attacker with local access to bypass a built‑in security feature, potentially enabling the execution of code or content that would normally…

  5. Microsoft Office Word 0-day Vulnerability Actively Exploited in the ...

    CVE-2026-21514 exploits a weakness in how Microsoft Word handles security decisions based on untrusted inputs, categorized as CWE-807. The ...

  6. MS Word CvE 2026 : r/cybersecurity - Reddit

    A critical zero-day vulnerability in Microsoft Word, CVE-2026-21514, allows attackers to bypass OLE mitigations in Microsoft 365 and Office ...

  7. Trust Issues: The Art of lying to Microsoft Word (CVE-2026-21514)

    CVE-2026-21514 is a prime example of 'tech debt' meeting 'logical fallacy.' This high-severity zero-day vulnerability in Microsoft Word allows attackers to bypass critical Object Linking and Embedding (OLE) security mitigations—essentially the digital equivalent of a 'Beware of Dog' sign that gets t…