Inside The Fix: Analysis Of In-The-Wild Exploit Of CVE-2026-21513
Akamai Technologies, Friday, February 20th, 2026
Microsoft's February 2026 Patch Tuesday addressed 59 vulnerabilities, including six actively exploited zero-days. CVE-2026-21513 stands out because of its active exploitation, high impact, and ability to bypass browser security boundaries and trigger arbitrary file execution.
On February 2026's Patch Tuesday, Microsoft patched CVE-2026-21513, a security features bypass vulnerability within MSHTML framework.
The vulnerability affects all Windows versions, is actively exploited in the wild, and carries a CVSS score of 8.8.
Using PatchDiff-AI, Akamai researchers performed automated root cause analysis of the patch and correlated it with an observed in-the-wild exploit attributed to the Russian state-sponsored threat actor APT28.
This blog post provides a technical breakdown of CVE-2026-21513, a description of its root cause, and an analysis of its exploitation.
We have included a list of indicators of compromise (IOCs) in this blog post to assist in defense against this threat.