CVE-2026-21514
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Summary
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Microsoft | Microsoft 365 Apps for Enterprise | 16.0.1 < https://aka.ms/OfficeSecurityReleases | affected |
| Microsoft | Microsoft Office LTSC 2021 | 16.0.1 < https://aka.ms/OfficeSecurityReleases | affected |
| Microsoft | Microsoft Office LTSC 2024 | 16.0.0 < https://aka.ms/OfficeSecurityReleases | affected |
| Microsoft | Microsoft Office LTSC for Mac 2021 | 16.0.1 < 16.106.26020821 | affected |
| Microsoft | Microsoft Office LTSC for Mac 2024 | 16.0.0 < 16.106.26020821 | affected |
Weaknesses
- CWE-807: CWE-807: Reliance on Untrusted Inputs in a Security Decision
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: no
- Technical Impact: total
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.