CVE-2026-21513 · HIGH 8.8 · CISA KEV · EPSS p96.4%

CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability

Microsoft / Windows

Description

Microsoft MSHTML Framework contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 15.38% probability of exploitation · percentile 96.4% · 2026-06-18T12:00:27Z
Published: 2026-02-10
Last modified: 2026-03-30

CISA KEV entry

Added to KEV: 2026-02-10

Underlying weaknesses · 1

CWE-693

References

  1. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21513
  2. https://www.vicarius.io/vsociety/posts/cve-2026-21513-detection-script-security-feature-bypass-vulnerability-in-mshtml-framework
  3. https://www.vicarius.io/vsociety/posts/cve-2026-21513-mitigation-script-security-feature-bypass-vulnerability-in-mshtml-framework
  4. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21513

Type | Target | Confidence | Tier
Weakness | Protection Mechanism Failure (cwe-693) | 0% | live

(incoming) · 1

Type | Target | Confidence | Tier
KEVEntry | Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability (kev-cve-2026-21513) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability
  2. CVE: Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability
  3. CVE: Microsoft MSHTML Remote Code Execution Vulnerability
  4. CVE: Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability
  5. CVE: Microsoft Windows MSHTML Platform Spoofing Vulnerability
  6. CVE: CVE-2026-45595

Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.