Cyber Resilience

CVE-2026-21521

High

Published: 22 January 2026

Published
22 January 2026
Modified
02 February 2026
KEV Added
Patch
CVSS Score v3.1 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
EPSS Score 0.0012 31.1th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-21521 is a high-severity Improper Neutralization of Escape, Meta, or Control Sequences (CWE-150) vulnerability in Microsoft 365 Word Copilot. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 31.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the Privacy and Disclosure risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

CVE-2026-21521 is an improper neutralization of escape, meta, or control sequences vulnerability (CWE-150) affecting Copilot. Published on 2026-01-22, it carries a CVSS v3.1 base score of 7.4 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N), indicating high severity due to network accessibility, low attack complexity, and significant confidentiality impact.

An unauthorized attacker with no privileges required can exploit this vulnerability remotely by inducing user interaction, such as clicking a malicious link or input. Successful exploitation changes the scope and enables disclosure of sensitive information over the network, with no impact on integrity or availability.

The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21521 provides details on mitigation and patches.

EU & UK References

Vulnerability details

Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network.

CWE(s)

AI Security AnalysisAI

AI Category
Enterprise AI Assistants
Risk Domain
Privacy and Disclosure
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: copilot

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1204.001 Malicious Link Execution
An adversary may rely upon a user clicking a malicious link in order to gain execution.
Why these techniques?

Improper neutralization (CWE-150) in public-facing Copilot enables remote exploitation via malicious link/input for info disclosure (T1190); requires user interaction consistent with malicious link execution (T1204.001).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-59252Same product: Microsoft 365 Word Copilot
CVE-2026-26164Same vendor: Microsoft
CVE-2026-26129Same vendor: Microsoft
CVE-2026-26149Same vendor: Microsoft
CVE-2026-21520Same vendor: Microsoft
CVE-2026-41109Same vendor: Microsoft
CVE-2026-26133Same vendor: Microsoft
CVE-2026-42893Same vendor: Microsoft
CVE-2025-65037Same vendor: Microsoft
CVE-2025-59287Same vendor: Microsoft

Affected Assets

microsoft
365 word copilot
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation and sanitization of all inputs to neutralize escape/meta/control sequences before processing in Copilot.

prevent

Requires filtering of system outputs to block unauthorized disclosure of sensitive information triggered by malformed sequences.

prevent

Enforces information flow policies that can block the network-scope data exfiltration path exploited by this input-neutralization flaw.

References