CVE-2026-21513

8.8 HIGH CISA KEV

📋 TL;DR

This vulnerability in the MSHTML Framework allows attackers to bypass security protections remotely, potentially enabling unauthorized access or code execution. It affects systems running vulnerable versions of Microsoft software that use this framework, primarily Windows-based environments.

💻 Affected Systems

Products:
  • Microsoft Windows
  • Microsoft Edge
  • Internet Explorer
  • Office applications using MSHTML
Versions: Specific versions not detailed in provided references; check Microsoft advisory for exact ranges
Operating Systems: Windows 10, Windows 11, Windows Server 2016/2019/2022
Default Config Vulnerable: ⚠️ Yes
Notes: Systems with MSHTML Framework enabled are vulnerable; exact product versions require checking Microsoft's advisory.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to full system compromise, data theft, or ransomware deployment across the network.

🟠 Likely Case

Unauthorized access to sensitive information or limited system control through the bypassed security feature.

🟢 If Mitigated

Limited impact with proper network segmentation, endpoint protection, and least privilege controls in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Network-based exploitation possible; CISA lists it as known exploited, indicating active weaponization.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft's monthly security updates for specific KB numbers

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21513

Restart Required: Yes

Instructions:

1. Apply latest Microsoft security updates via Windows Update or WSUS.
2. Restart affected systems.
3. Verify patch installation using version checks.

🔧 Temporary Workarounds

Disable MSHTML in Internet Explorer

Platform: Windows

Prevents exploitation via Internet Explorer by disabling the vulnerable component

Set registry key: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_MSHTML to 1

Network Segmentation

Platform: All

Limit exposure by restricting network access to vulnerable systems

🧯 If You Can't Patch

  • Implement strict network access controls and segmentation to isolate vulnerable systems
  • Deploy endpoint detection and response (EDR) solutions to monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check system for affected Microsoft software versions; use Microsoft's security update guide to compare versions.

Check Version:

wmic os get caption, version (Windows) or systeminfo (Windows)

Verify Fix Applied:

Verify that latest security updates are installed and system restarted; check version numbers against patched versions in Microsoft advisory.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process creation from MSHTML-related executables
  • Security event logs showing bypass attempts

Network Indicators:

  • Unusual network traffic to/from systems using MSHTML Framework
  • Anomalous HTTP/HTTPS requests triggering the vulnerability

SIEM Query:

Example: EventID=4688 AND (ProcessName LIKE '%mshtml%' OR CommandLine CONTAINS 'mshtml')
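
The SIEM condition above, applied to exported process-creation records with the OR grouped under the EventID test, next to the ungrouped reading for comparison. This is an added example, not code from the advisory or from Microsoft; the records are constructed, and the field names (EventID, ProcessName, CommandLine) are taken from the query above rather than from any particular SIEM schema.

```python
"""Apply the page's 4688/mshtml condition to exported process-creation records."""

NEEDLE = "mshtml"

# Constructed sample records; field names follow the page's query
# (EventID, ProcessName, CommandLine), not any particular SIEM schema.
EVENTS = [
    {"id": 1, "EventID": 4688,
     "ProcessName": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r'rundll32.exe mshtml.dll,PrintHTML "C:\Temp\report.html"'},
    {"id": 2, "EventID": 4688,
     "ProcessName": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe"},
    # CommandLine is empty when command-line auditing is not enabled.
    {"id": 3, "EventID": 4688,
     "ProcessName": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": None},
    # Not a 4688 record: only the ungrouped reading matches it.
    {"id": 4, "EventID": 1,
     "ProcessName": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c dir C:\Windows\System32\MSHTML.DLL"},
]


def _has(value):
    """Case-insensitive substring test that tolerates missing fields."""
    return NEEDLE in (value or "").lower()


def grouped(ev):
    """EventID=4688 AND (ProcessName LIKE ... OR CommandLine CONTAINS ...)."""
    return ev.get("EventID") == 4688 and (
        _has(ev.get("ProcessName")) or _has(ev.get("CommandLine")))


def ungrouped(ev):
    """(EventID=4688 AND ProcessName LIKE ...) OR CommandLine CONTAINS ..."""
    return (ev.get("EventID") == 4688 and _has(ev.get("ProcessName"))) \
        or _has(ev.get("CommandLine"))


def hunt(events, predicate):
    """Return the ids of records the predicate selects."""
    return [ev["id"] for ev in events if predicate(ev)]


if __name__ == "__main__":
    print("grouped:  ", hunt(EVENTS, grouped))
    print("ungrouped:", hunt(EVENTS, ungrouped))
```

Record 3 shows the coverage gap to expect: a host process with no recorded command line never matches, so this condition only sees cases where the string appears in the image path or an audited command line.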
