FAQ on CVE-2026-21514: OLE bypass N-Day in Microsoft Word

**Executive Summary:** Tenable identifies CVE-2026-21514 as a Microsoft Word security-feature-bypass actively exploited in the wild that circumvents OLE and Mark-of-the-Web protections to execute payloads silently; their exposure analysis finds ~13.99 million affected assets (predominantly in the U.S.), links the flaw to Iranian APT phishing tradecraft within Operation Epic Fury, and urges immediate patching, email-gateway OLE/COM blocking, ASR rules, and EDR monitoring.