๐ฅ This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
Summary
Microsoft MSHTML Framework (a component that helps Windows render web content) contains a flaw in its security protection mechanism that could let an attacker bypass security features over a network. This vulnerability is currently being exploited by real attackers in the wild.
Solution / Mitigation
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-03-03. See https://msrc.microsoft.com/update-guide/advisory/CVE-2026-21513 for details.
Vulnerability Details
EPSS: 4.8%
๐ฅ Actively Exploited
Classification
Taxonomy References
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-21513
First tracked: February 12, 2026 at 02:20 PM
Classified by LLM (prompt v3) ยท confidence: 95%