APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday

A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai. The vulnerability in question is CVE-2026-21513 CVSS score: 8.8, a high-severity security feature bypass affecti...

CVE-2026-21513

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network...

CVE-2026-21513 MSHTML Framework Security Feature Bypass Vulnerability

...

CVE-2026-21513 MSHTML Framework Security Feature Bypass Vulnerability

...

MSHTML Framework Security Feature Bypass Vulnerability

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network...

VulnCheck KEV: CVE-2026-21513

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network...

KB5075971: Windows Server 2012 Security Update (February 2026)

The remote Windows host is missing security update 5075971. It is, therefore, affected by multiple vulnerabilities - Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. CVE-2026-21513 - Heap-based buffer overflow in Microso...