AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)

CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability

infovulnerability🔥 Actively Exploited

security

Source: CISA Known Exploited VulnerabilitiesFebruary 9, 2026CVE-2026-21514

Summary

Microsoft Office Word has a vulnerability where it trusts user inputs when making security decisions, allowing an authorized attacker to gain elevated privileges (higher access level) on a local computer. This vulnerability is currently being exploited by attackers in real-world attacks.

Solution / Mitigation

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-03-03. See https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 for specific vendor instructions.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 5.1%

Exploit Maturity

🔥 Actively Exploited

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-807

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-21514

First tracked: February 12, 2026 at 02:20 PM

Classified by LLM (prompt v3) · confidence: 95%