CVE-2026-21513
Published Feb 10, 2026
Last updated 15 days ago
- Description
- Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_23h2, windows_11_24h2, windows_11_25h2, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025
CVSS 3.1
- Type
- Secondary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
- Exploit added on
- Feb 10, 2026
- Exploit action due
- Mar 3, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-693
- Hype score
- Not currently trending
TrendAI™ Research tracked Pawn Storm's activities across three distinct but interconnected campaigns. This evolution spans from the NotDoor campaign in 2025 to the current PRISMEX wave, which weaponizes a Windows zero-day (CVE-2026-21513). Read more: https://t.co/ZlQ7vq3zds ht
@trendai_RSRCH
29 Mar 2026
343 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
TrendAI™ Research tracked Pawn Storm's activities across three distinct but interconnected campaigns. This evolution spans from the NotDoor campaign in 2025 to the current PRISMEX wave, which weaponizes a Windows zero-day (CVE-2026-21513). Read more: https://t.co/ZlQ7vq3zds htt
@trendai_RSRCH
26 Mar 2026
247 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-54236 2 - CVE-2025-38617 3 - CVE-2026-21513 4 - CVE-2026-3102 5 - CVE-2017-7921 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
10 Mar 2026
173 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-21513 2 - CVE-2025-14500 3 - CVE-2026-21236 4 - CVE-2026-2441 5 - CVE-2026-3223 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
3 Mar 2026
164 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-20700 2 - CVE-2025-1234 3 - CVE-2026-21513 4 - CVE-2026-21241 5 - CVE-2025-5959 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
25 Feb 2026
245 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E78A20FD-B910-43DF-BE89-E971E2FD0049",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "B941280B-97F6-4F60-80A3-40482A74488D",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C09C54DA-6AB0-4696-A2F2-C11CFC292EA9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "369B4E41-3895-4CB7-BD37-D2E4A4D52FB9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "EDB3FD9A-2786-4EC1-8989-2B0D054E0307",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "893DBA65-116B-4AE0-80E1-50458CB5FDAD",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "37E2BFF1-28C0-4FA0-9A6C-020146E4AD54",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "3ABF7E9C-769A-4330-AD97-FE3CD766E577",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F54B0C64-9A1F-470B-9824-322CF362507F",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A5BD3F0C-1E6F-4937-806C-B87CA19C2830",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B273EF5A-3157-4842-AE91-CEC289813902",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CD2513FC-D399-4DBF-921F-13B4D1497127",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B08450A0-0F7E-4A05-8989-900221992766",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9D30B348-DAE7-43EC-85FA-38E1715258A9",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8F23FFCF-9C69-4D27-AF21-D09A6041AA3A",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D1D93202-BDDB-438F-934E-1FE904B3651B",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:-:*:x64:*",
"matchCriteriaId": "C9801763-02E0-471B-A571-6E9733A5358D",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:-:*:x64:*",
"matchCriteriaId": "5D132B4B-F718-420D-B31D-39390ADB6ABB",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:-:*:x64:*",
"matchCriteriaId": "E1DDF720-A228-412B-BF01-ECD759C35A24",
"versionEndExcluding": "10.0.20348.4711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:-:*:x64:*",
"matchCriteriaId": "40F60E69-9FF7-4613-84D3-1982F357A82E",
"versionEndExcluding": "10.0.25398.2149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "62BDF24B-B74A-4F48-A6A5-CA375ECE9B5C",
"versionEndExcluding": "10.0.26100.32313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]