CVE-2026-21513

Published Feb 10, 2026

Last updated 16 days ago

Exploit known CVSS high 8.8

Zero-day

Overview

Description: Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
Source: secure@microsoft.com
NVD status: Analyzed
Products: windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_23h2, windows_11_24h2, windows_11_25h2, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025

Risk scores

CVSS 3.1

Type: Secondary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Known exploits

Data from CISA

Vulnerability name: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
Exploit added on: Feb 10, 2026
Exploit action due: Mar 3, 2026
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

secure@microsoft.com: CWE-693

Hype score: Not currently trending

Top 5 Trending CVEs: 1 - CVE-2026-20700 2 - CVE-2025-1234 3 - CVE-2026-21513 4 - CVE-2026-21241 5 - CVE-2025-5959 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
25 Feb 2026
245 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "E78A20FD-B910-43DF-BE89-E971E2FD0049",
            "versionEndExcluding": "10.0.14393.8868",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
            "matchCriteriaId": "B941280B-97F6-4F60-80A3-40482A74488D",
            "versionEndExcluding": "10.0.14393.8868",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "C09C54DA-6AB0-4696-A2F2-C11CFC292EA9",
            "versionEndExcluding": "10.0.17763.8389",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
            "matchCriteriaId": "369B4E41-3895-4CB7-BD37-D2E4A4D52FB9",
            "versionEndExcluding": "10.0.17763.8389",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
            "matchCriteriaId": "EDB3FD9A-2786-4EC1-8989-2B0D054E0307",
            "versionEndExcluding": "10.0.19044.6937",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "893DBA65-116B-4AE0-80E1-50458CB5FDAD",
            "versionEndExcluding": "10.0.19044.6937",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
            "matchCriteriaId": "37E2BFF1-28C0-4FA0-9A6C-020146E4AD54",
            "versionEndExcluding": "10.0.19044.6937",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
            "matchCriteriaId": "3ABF7E9C-769A-4330-AD97-FE3CD766E577",
            "versionEndExcluding": "10.0.19045.6937",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "F54B0C64-9A1F-470B-9824-322CF362507F",
            "versionEndExcluding": "10.0.19045.6937",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
            "matchCriteriaId": "A5BD3F0C-1E6F-4937-806C-B87CA19C2830",
            "versionEndExcluding": "10.0.19045.6937",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
            "matchCriteriaId": "B273EF5A-3157-4842-AE91-CEC289813902",
            "versionEndExcluding": "10.0.22631.6649",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "CD2513FC-D399-4DBF-921F-13B4D1497127",
            "versionEndExcluding": "10.0.22631.6649",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
            "matchCriteriaId": "B08450A0-0F7E-4A05-8989-900221992766",
            "versionEndExcluding": "10.0.26100.7781",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "9D30B348-DAE7-43EC-85FA-38E1715258A9",
            "versionEndExcluding": "10.0.26100.7781",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
            "matchCriteriaId": "8F23FFCF-9C69-4D27-AF21-D09A6041AA3A",
            "versionEndExcluding": "10.0.26200.7781",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "D1D93202-BDDB-438F-934E-1FE904B3651B",
            "versionEndExcluding": "10.0.26200.7781",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
            "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:-:*:x64:*",
            "matchCriteriaId": "C9801763-02E0-471B-A571-6E9733A5358D",
            "versionEndExcluding": "10.0.14393.8868",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:-:*:x64:*",
            "matchCriteriaId": "5D132B4B-F718-420D-B31D-39390ADB6ABB",
            "versionEndExcluding": "10.0.17763.8389",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:-:*:x64:*",
            "matchCriteriaId": "E1DDF720-A228-412B-BF01-ECD759C35A24",
            "versionEndExcluding": "10.0.20348.4711",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:-:*:x64:*",
            "matchCriteriaId": "40F60E69-9FF7-4613-84D3-1982F357A82E",
            "versionEndExcluding": "10.0.25398.2149",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "62BDF24B-B74A-4F48-A6A5-CA375ECE9B5C",
            "versionEndExcluding": "10.0.26100.32313",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Known exploits

Weaknesses

Social media

Configurations

Related CVEs

References