Main Vulnerability Database SB2026021053

SB2026021053 - Security feature bypass vulnerability in Microsoft Word

Published: February 10, 2026

Security Bulletin ID SB2026021053

CSH Severity

Critical

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Reliance on Untrusted Inputs in a Security Decision (CVE-ID: CVE-2026-21514)

CWE-ID: CWE-807 - Reliance on Untrusted Inputs in a Security Decision

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient mitigations for COM/OLE controls. A remote attacker can trick the victim into opening a specially crafted Word file, bypass implemented OLE mitigations and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Remediation

Install update from vendor's website.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514