CVE-2026-21513

Analyzed Analyzed - Analysis Complete

Security Bypass Vulnerability in MSHTML Framework via Network Attack

Publication date: 2026-02-10

Last updated on: 2026-03-30

Assigner: Microsoft Corporation

Description

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-02-10

Last Modified

2026-03-30

Generated

2026-06-16

AI Q&A

2026-02-10

EPSS Evaluated

2026-06-15

NVD

CVE-2026-21513

EUVD

EUVD-2026-7342

Affected Vendors & Products

Vendor	Product	Version / Range
microsoft	windows_server_2012	r2
microsoft	windows_server_2012	*
microsoft	windows_10_1607	to 10.0.14393.8868 (exc)
microsoft	windows_10_1607	to 10.0.14393.8868 (exc)
microsoft	windows_10_1809	to 10.0.17763.8389 (exc)
microsoft	windows_11_24h2	to 10.0.26100.7781 (exc)
microsoft	windows_11_24h2	to 10.0.26100.7781 (exc)
microsoft	windows_11_23h2	to 10.0.22631.6649 (exc)
microsoft	windows_11_23h2	to 10.0.22631.6649 (exc)
microsoft	windows_11_25h2	to 10.0.26200.7781 (exc)
microsoft	windows_11_25h2	to 10.0.26200.7781 (exc)
microsoft	windows_10_22h2	to 10.0.19045.6937 (exc)
microsoft	windows_10_22h2	to 10.0.19045.6937 (exc)
microsoft	windows_10_22h2	to 10.0.19045.6937 (exc)
microsoft	windows_10_21h2	to 10.0.19044.6937 (exc)
microsoft	windows_10_21h2	to 10.0.19044.6937 (exc)
microsoft	windows_10_21h2	to 10.0.19044.6937 (exc)
microsoft	windows_10_1809	to 10.0.17763.8389 (exc)
microsoft	windows_server_2016	to 10.0.14393.8868 (exc)
microsoft	windows_server_2019	to 10.0.17763.8389 (exc)
microsoft	windows_server_2022	to 10.0.20348.4711 (exc)
microsoft	windows_server_2022_23h2	to 10.0.25398.2149 (exc)
microsoft	windows_server_2025	to 10.0.26100.32313 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-693	The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

Attack-Flow Graph

Executive Summary

This vulnerability is a protection mechanism failure in the MSHTML Framework that allows an unauthorized attacker to bypass a security feature over a network.

Impact Analysis

The vulnerability can have a high impact as it allows an attacker to bypass security features remotely without privileges, potentially leading to high confidentiality, integrity, and availability losses.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Hi! I’m here to help you understand CVE-2026-21513. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2026-21513

Security Bypass Vulnerability in MSHTML Framework via Network Attack

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart