Security Feature Bypass in MSHTML Framework by Microsoft
CVE-2026-21513
Key Information:
- Vendor
Microsoft
- Vendor
- CVE Published:
- 10 February 2026
Badges
What is CVE-2026-21513?
A protection mechanism failure in the MSHTML Framework allows unauthorized attackers to circumvent a key security feature over a network. This vulnerability could enable malicious actors to exploit this weakness, leading to potential unauthorized access and manipulation of sensitive data.
CISA has reported CVE-2026-21513
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2026-21513 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.8868
Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.8389
Windows 10 Version 21H2 ARM64-based Systems 10.0.19044.0 < 10.0.19044.6937
References
EPSS Score
8% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- ๐พ
Exploit known to exist
- ๐ฆ
CISA Reported
Vulnerability published
Vulnerability Reserved