CVE-2026-21514: Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.

high7.8CVSS 3.1

AVLACLPRNUIRSUCHIHAH

KEV

CISA Known Exploited Vulnerabilitydue 2026-03-03

Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.

15 ranges

Vendor	Product	Version range	Fixed in
microsoft	microsoft_365_apps_for_enterprise	>= 16.0.1 < https://aka.ms/OfficeSecurityReleases	https://aka.ms/OfficeSecurityReleases
microsoft	microsoft_office_ltsc_2021	>= 16.0.1 < https://aka.ms/OfficeSecurityReleases	https://aka.ms/OfficeSecurityReleases
microsoft	microsoft_office_ltsc_2024	>= 16.0.0 < https://aka.ms/OfficeSecurityReleases	https://aka.ms/OfficeSecurityReleases
microsoft	microsoft_office_ltsc_for_mac_2021	>= 16.0.1 < 16.106.26020821	16.106.26020821
microsoft	microsoft_office_ltsc_for_mac_2024	>= 16.0.0 < 16.106.26020821	16.106.26020821
microsoft	office_long_term_servicing_channel	—	—
microsoft	office_long_term_servicing_channel	—	—
msrc	microsoft_365_apps_for_enterprise_for_32-bit_systems	—	—
msrc	microsoft_365_apps_for_enterprise_for_64-bit_systems	—	—
msrc	microsoft_office_ltsc_2021_for_32-bit_editions	—	—
msrc	microsoft_office_ltsc_2021_for_64-bit_editions	—	—
msrc	microsoft_office_ltsc_2024_for_32-bit_editions	—	—
msrc	microsoft_office_ltsc_2024_for_64-bit_editions	—	—
msrc	microsoft_office_ltsc_for_mac_2021	—	—
msrc	microsoft_office_ltsc_for_mac_2024	—	—

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

vulncheck7.8HIGH

cisa7.8HIGH