theinfosecnews

CVE-2026-21514

CISA KEV

Published February 10, 2026 · Updated April 3, 2026

high

What This Means

CVE-2026-21514 is a privilege escalation vulnerability in Microsoft Office Word where the application makes security decisions based on untrusted inputs, allowing an authenticated local attacker to gain elevated privileges on the system. An attacker with user-level access can exploit this to execute code with higher permissions, potentially compromising the entire system. **Immediate actions:** Patch Microsoft Office Word as soon as Microsoft releases updates. Restrict local administrative access where possible, monitor for suspicious Word process behavior (especially spawned child processes with elevated tokens), and review access logs for users who have recently escalated privileges.
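The monitoring advice above (Word child processes with elevated tokens) can be turned into a log check; the following is an added example, not code from this page, Microsoft or CISA. It assumes process-creation auditing is enabled so that Security event 4688 is logged with the ParentProcessName field (Windows 10 / Server 2016 and later) and that events are exported as XML under one root element. The sample events are constructed for illustration and are not indicators for this CVE.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
ELEVATED_TOKEN = "%%1937"  # TokenElevationType 2: elevated token
HIGH_OR_ABOVE = {"S-1-16-12288", "S-1-16-16384"}  # MandatoryLabel: High, System

def _event(parent, child, token_type, label):
    """Build one constructed 4688 event holding only the fields checked below."""
    fields = {"ParentProcessName": parent, "NewProcessName": child,
              "TokenElevationType": token_type, "MandatoryLabel": label}
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return ("<Event><System><EventID>4688</EventID></System>"
            f"<EventData>{data}</EventData></Event>")

WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
# Constructed sample data, not real telemetry and not indicators for this CVE.
SAMPLE = (f'<Events xmlns="{NS["e"]}">'
          + _event(WORD, r"C:\Windows\splwow64.exe", "%%1938", "S-1-16-8192")
          + _event(WORD, r"C:\Windows\System32\cmd.exe", "%%1937", "S-1-16-12288")
          + _event(r"C:\Windows\explorer.exe", r"C:\Windows\System32\mmc.exe",
                   "%%1937", "S-1-16-12288")
          + _event(WORD, r"C:\Windows\System32\rundll32.exe", "%%1936", "S-1-16-16384")
          + "</Events>")

def flag_word_children(xml_text):
    """Return (child, reason) for Word-spawned processes that run elevated."""
    findings = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4688":
            continue
        d = {x.get("Name"): x.text or "" for x in ev.findall("e:EventData/e:Data", NS)}
        # Only processes whose parent image is Word are of interest here.
        if not d.get("ParentProcessName", "").lower().endswith("\\winword.exe"):
            continue
        reasons = []
        if d.get("TokenElevationType") == ELEVATED_TOKEN:
            reasons.append("elevated token")
        if d.get("MandatoryLabel") in HIGH_OR_ABOVE:
            reasons.append("integrity " + d["MandatoryLabel"])
        if reasons:
            findings.append((d.get("NewProcessName", ""), ", ".join(reasons)))
    return findings

if __name__ == "__main__":
    for child, why in flag_word_children(SAMPLE):
        print(f"REVIEW: WINWORD.EXE -> {child} ({why})")
```

Checking the integrity label as well as the token type catches children that run at High or System integrity without a UAC-elevated token, which the token-type field alone would miss.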

Official Description

Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.

Affected Products

| Vendor | Product |
| --- | --- |
| Microsoft | Office |

Patch Status

Patch by 2026-03-03

Recommended Actions

  1. Check if your systems use any of the affected products listed above.
  2. Apply vendor patches immediately if available.
  3. This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
  4. Monitor vendor advisories for updates and additional mitigations.
  5. Review logs for indicators of compromise related to CVE-2026-21514.

Related Coverage

Vulnerability

CVE-2026-21514: Microsoft Office Word Privilege Escalation Via Untrusted Input Validation Flaw

CVE-2026-21514 is a privilege escalation vulnerability in Microsoft Office Word caused by the application's reliance on untrusted inputs in security decisions. An authenticated local attacker can open a crafted document to escalate from standard user to elevated privileges without additional user interaction. CISA has added this CVE to its Known Exploited Vulnerabilities catalog with a federal patch deadline of March 3, 2026.

CISA KEV·52d ago·4 min read