Back Issues This Week → Calendar → Current Issue → Popular →

All issuesVolume 335, Issue 3IT Vendor NewsAkamai Technologies

Inside The Fix: Analysis Of In-The-Wild Exploit Of CVE-2026-21513

Akamai Technologies, Friday, February 20th, 2026

Microsoft's February 2026 Patch Tuesday addressed 59 vulnerabilities, including six actively exploited zero-days. CVE-2026-21513 stands out because of its active exploitation, high impact, and ability to bypass browser security boundaries and trigger arbitrary file execution.

On February 2026's Patch Tuesday, Microsoft patched CVE-2026-21513, a security features bypass vulnerability within MSHTML framework.

The vulnerability affects all Windows versions, is actively exploited in the wild, and carries a CVSS score of 8.8.

Using PatchDiff-AI, Akamai researchers performed automated root cause analysis of the patch and correlated it with an observed in-the-wild exploit attributed to the Russian state-sponsored threat actor APT28.

This blog post provides a technical breakdown of CVE-2026-21513, a description of its root cause, and an analysis of its exploitation.

We have included a list of indicators of compromise (IOCs) in this blog post to assist in defense against this threat.

more →  ·  More from Akamai Technologies →