🟢 CVE-2026-21513

MSHTML Framework security feature bypass vulnerability requiring user interaction. Although CVSS lists a network attack vector, MSHTML is a client-side HTML rendering engine used in browsers and applications, not an internet-facing server service.

Risk Level: LOW_RISK

CVSS Score: 8.8

Attack Vector: NETWORK

ATT&CK Tactic: Initial Access

ATT&CK Technique: T1189 — Drive-by Compromise

Deployment Risk: VERY_LOW

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: USER_INTERACTION

CVE Published: 2026-02-10

Added to CISA KEV: 2026-02-10 (0 days between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-02-10)

Regarding CVE-2026-21513, here's what is known about its exploitation:

  • Affected Applications/Services: The vulnerability is associated with MSHTML Framework [2][5].
  • Evidence of Active Exploitation: There is no direct evidence in the provided search results indicating that CVE-2026-21513 has been actively exploited in the wild. However, Microsoft has released security updates for it, suggesting it is a vulnerability of concern [2][4]. Some sources mention that Microsoft attaches its standard report-confidence indicator to the advisory for this CVE, which typically means it's a confirmed vulnerability [2].
  • Attack Vectors and Exploitation Methods: The vulnerability is classified as a Security Feature Bypass [2][5]. This means an attacker could potentially bypass security features implemented in the MSHTML Framework. The exact technical details of how this bypass is achieved are not elaborated upon in the provided information, but it is described as a "protection mechanism failure" [1].
  • Use in Targeted Attacks: There is no specific information available in the provided search results detailing whether CVE-2026-21513 has been used in targeted attacks.
  • CISA Known Exploited Vulnerabilities (KEV) Status: CVE-2026-21513 is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog based on the provided search results. CISA's KEV catalog is a resource of vulnerabilities that have been actively exploited in the wild [3][6].
  • Technical Details about Internet Exploitability: The provided information indicates that the vulnerability allows an unauthorized attacker to bypass a security feature over a network [1]. This suggests potential for remote exploitation, but specific details on how it affects internet-facing applications or services are not detailed. The vulnerability is in MSHTML, which is a component used in various Microsoft products, and security feature bypasses can often be triggered through specially crafted content, potentially over a network.

Sources

  1. February 2026 Patch Tuesday: 10 Critical Vulnerabilities Amid 59 CVEs

    CVE-2026-21513 Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

  2. CVE-2026-21513 MSHTML Security Feature Bypass: Patch and Harden Now

    What Microsoft’s advisory actually tells us The vendor entry for CVE‑2026‑21513 in the Microsoft Security Update Guide confirms three short, authoritative facts: the affected product surface is MSHTML, the classification is Security Feature Bypass, and Microsoft attaches its standard report‑confiden…

  3. Known Exploited Vulnerabilities Catalog - CISA

    For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catal…

  4. Microsoft February 2026 Patch Tuesday fixes 6 zero-days, 58 flaws

    As no details have been released, it is unclear if CVE-2026-21510, CVE-2026-21513, and CVE-2026-21514 were exploited in the same campaign. ... Of ...

  5. Microsoft Patch Tuesday February 2026 – 54 Vulnerabilities Fixed ...

    These include: CVE-2026-21514: Security feature bypass in Microsoft Office Word. CVE-2026-21513: Security feature bypass in MSHTML Framework.