Security Feature Bypass in MSHTML Framework by Microsoft
CVE-2026-21513
Key Information:
- Vendor: Microsoft
- CVE Published: 10 February 2026
What is CVE-2026-21513?
CVE-2026-21513 is a security vulnerability identified within the MSHTML Framework developed by Microsoft. The MSHTML Framework is a core component that facilitates the rendering of HTML content and provides essential functionalities for web applications and browser environments. This particular vulnerability arises due to a breakdown in the protection mechanisms intended to safeguard against unauthorized access. Consequently, attackers may exploit this weakness to bypass security features over a network, potentially compromising the integrity and confidentiality of the information processed by affected systems.
Organizations utilizing software that integrates with or relies upon the MSHTML Framework may find themselves vulnerable to various security threats. The impact of this flaw could involve unauthorized data access, data manipulation, and the possibility of further exploitation, presenting a significant risk to organizations' digital assets.
Potential impact of CVE-2026-21513
- Unauthorized Data Access: Attackers can exploit this vulnerability to gain unauthorized access to sensitive information, potentially leading to data breaches that jeopardize organizational privacy and regulatory compliance.
- System Compromise: By bypassing security features, threat actors may obtain control over affected systems, allowing them to deploy additional malicious payloads, conduct lateral movements, or establish persistent access.
- Increased Risk of Malware Deployment: The exploitation of CVE-2026-21513 can serve as a vector for deploying various types of malware, including ransomware, significantly increasing the threat landscape for organizations and complicating incident response efforts.
CISA has reported CVE-2026-21513
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2026-21513 as being exploited, but CISA does not know it to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.8868
Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.8389
Windows 10 Version 21H2 32-bit Systems 10.0.19044.0 < 10.0.19044.6937
News Articles
APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies
APT28 deploys PRISMEX using zero-day CVEs since September 2025, targeting Ukraine’s supply chains and NATO partners for espionage and sabotage.
2 weeks ago
APT28 Deploys PRISMEX Malware In Campaign Targeting Ukraine And NATO Allies
The Russian threat actor known as APT28 (aka Forest Blizzard and Pawn Storm) has been linked to a fresh spear-phishing campaign targeting Ukraine and its allies to deploy a previously undocumented malware...
2 weeks ago
EPSS Score
31% chance of being exploited in the next 30 days.
Timeline
- 💰 Used in Ransomware
- 📰 First article discovered by Plato Data Intelligence
- 📈 Vulnerability started trending
- 👾 Exploit known to exist
- 🦅 CISA Reported
- Vulnerability published
- Vulnerability Reserved