CVE-2026-21514

HIGH KEV

Microsoft Office Word - Info Disclosure

Title source: llm

Exploitation Summary

CVE-2026-21514 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added February 10, 2026. EIP tracks 1 public exploit from researchers including ChaitanyaHaritash.

AI-analyzed exploit summary: This repository contains functional exploit code for CVE-2026-21514 and CVE-2026-21510, focusing on RTF and LNK file generation to bypass Protected View and achieve RCE. The scripts demonstrate technical details of the exploit chain, including obfuscation and payload delivery mechanisms.

Description

Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.

Exploits (1)

nomisec WORKING POC
by ChaitanyaHaritash · poc
https://github.com/ChaitanyaHaritash/CVE-2026-21514_CVE-2026-21510


Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Office (specific version not specified)
No auth needed
Prerequisites: Network access to a controlled server hosting the malicious LNK file · Victim interaction to open the crafted RTF document
devstral-2 · analyzed May 05, 2026


Scores

CVSS v3 7.8
EPSS 0.0533
EPSS Percentile 90.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2026-02-10
VulnCheck KEV 2026-02-10
ENISA EUVD EUVD-2026-7334
CWE CWE-807
Status published
Products (8)
microsoft/365_apps (2 CPE variants)
Microsoft/Microsoft 365 Apps for Enterprise 16.0.1 - https://aka.ms/OfficeSecurityReleases
Microsoft/Microsoft Office LTSC 2021 16.0.1 - https://aka.ms/OfficeSecurityReleases
Microsoft/Microsoft Office LTSC 2024 16.0.0 - https://aka.ms/OfficeSecurityReleases
Microsoft/Microsoft Office LTSC for Mac 2021 16.0.1 - 16.106.26020821
Microsoft/Microsoft Office LTSC for Mac 2024 16.0.0 - 16.106.26020821
microsoft/office_long_term_servicing_channel 2021 (3 CPE variants)
microsoft/office_long_term_servicing_channel 2024 (3 CPE variants)
Published Feb 10, 2026
KEV Added Feb 10, 2026
Tracked Since Feb 18, 2026