Cyber Posture

CVE-2026-21514

High · CISA KEV · Active Exploitation

Published: 10 February 2026
Modified: 11 February 2026
KEV Added: 10 February 2026
Patch
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0448 (89.2th percentile)
Risk Priority: 38 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-21514 is a high-severity Reliance on Untrusted Inputs in a Security Decision (CWE-807) vulnerability in Microsoft Office Long Term Servicing Channel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Stealth (T1211). The CVE ranks in the top 10.8% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-24 (Access Control Decisions) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Stealth (T1211). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI-generated]

Prevent: Directly mitigates CVE-2026-21514 by requiring timely installation of the Microsoft patches provided in MSRC guidance, remediating the flaw in Word's security decision-making.

Prevent (SI-10, Information Input Validation): Prevents exploitation by enforcing validation of untrusted inputs before they are used in security decisions within Microsoft Office Word, directly countering CWE-807.

Prevent (AC-24, Access Control Decisions): Ensures access control decisions, such as those bypassed in Word, are made at trusted decision points isolated from untrusted inputs, preventing the local security feature bypass.

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1211 Exploitation for Stealth (Stealth)
Adversaries may exploit vulnerabilities to evade detection by hiding activity, suppressing logging, or operating within trusted or unmonitored components.
Why these techniques?

The vulnerability explicitly enables bypassing a security feature in Microsoft Office Word via exploitation of untrusted inputs, directly mapping to T1211 (Exploitation for Defense Evasion).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.

Deeper analysis [AI-generated]

CVE-2026-21514 is a vulnerability in Microsoft Office Word caused by reliance on untrusted inputs in a security decision, corresponding to CWE-807. Published on 2026-02-10, it enables an unauthorized attacker to bypass a security feature locally. The issue carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to substantial impacts on confidentiality, integrity, and availability.

Exploitation requires local access with low attack complexity and no privileges, but user interaction is necessary. An unauthorized attacker can leverage this to bypass security protections in Word, potentially leading to serious compromise of the affected system given the high confidentiality, integrity, and availability impacts.

Microsoft's Security Response Center (MSRC) offers update guidance and mitigation details at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514. The vulnerability is also referenced in CISA's Known Exploited Vulnerabilities Catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21514.

Details

CWE(s): CWE-807 (Reliance on Untrusted Inputs in a Security Decision)
KEV Date Added: 10 February 2026

Affected Products

Microsoft 365 Apps: all versions
Microsoft Office Long Term Servicing Channel: 2021, 2024

CVEs Like This One

CVE-2026-21509 (same product: Microsoft 365 Apps; both on KEV)
CVE-2026-20944 (same product: Microsoft 365 Apps)
CVE-2025-21363 (same product: Microsoft 365 Apps)
CVE-2026-20949 (same product: Microsoft 365 Apps)
CVE-2026-20956 (same product: Microsoft 365 Apps)
CVE-2025-26629 (same product: Microsoft 365 Apps)
CVE-2025-24077 (same product: Microsoft 365 Apps)
CVE-2025-21365 (same product: Microsoft 365 Apps)
CVE-2025-21397 (same product: Microsoft 365 Apps)
CVE-2025-21364 (same product: Microsoft 365 Apps)
