Microsoft Addresses CVE-2026-21513 Zero-Day Exploit in February

Microsoft Addresses CVE-2026-21513 Zero-Day Exploit in February

First seen 2 Mar 2026, 16:11 UTC FacebookPurple-Ops 81% similarity 41.1

Article Content

Browse articles
ThreatCluster

Microsoft has resolved CVE-2026-21513, a vulnerability with a CVSS score of 8.8, after confirming its exploitation in the wild. The flaw, located in the MSHTML component and specifically in ieframe.dll, allowed attackers to bypass security measures. The vulnerability was published on February 10, 2026, and was added to the CISA KEV list on the same day.

ThreatCluster AI

Timeline

2026-02-10
CVE-2026-21513 published
2026-02-10
CVE-2026-21513 added to CISA KEV (active exploitation)
Recent
Microsoft confirmed zero-day exploitation and released a patch

Community

Browse all →