CVE-2026-21521
Published: 22 January 2026
Summary
CVE-2026-21521 is a high-severity Improper Neutralization of Escape, Meta, or Control Sequences (CWE-150) vulnerability in Microsoft 365 Word Copilot. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 31.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the Privacy and Disclosure risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Deeper analysis
CVE-2026-21521 is an improper neutralization of escape, meta, or control sequences vulnerability (CWE-150) affecting Copilot. Published on 2026-01-22, it carries a CVSS v3.1 base score of 7.4 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N), indicating high severity due to network accessibility, low attack complexity, and significant confidentiality impact.
An unauthorized attacker with no privileges required can exploit this vulnerability remotely by inducing user interaction, such as clicking a malicious link or input. Successful exploitation changes the scope and enables disclosure of sensitive information over the network, with no impact on integrity or availability.
The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21521 provides details on mitigation and patches.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-4498
Vulnerability details
Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network.
- CWE(s)
AI Security AnalysisAI
- AI Category
- Enterprise AI Assistants
- Risk Domain
- Privacy and Disclosure
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: copilot
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Improper neutralization (CWE-150) in public-facing Copilot enables remote exploitation via malicious link/input for info disclosure (T1190); requires user interaction consistent with malicious link execution (T1204.001).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires validation and sanitization of all inputs to neutralize escape/meta/control sequences before processing in Copilot.
Requires filtering of system outputs to block unauthorized disclosure of sensitive information triggered by malformed sequences.
Enforces information flow policies that can block the network-scope data exfiltration path exploited by this input-neutralization flaw.