ONE Sentinel

APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday

Source: The Hacker News
March 2, 2026

EXECUTIVE SUMMARY

APT28 Exploits MSHTML 0-Day Vulnerability CVE-2026-21513

Summary

A high-severity security flaw in the MSHTML Framework, identified as CVE-2026-21513, was exploited by the Russian state-sponsored group APT28 before being patched by Microsoft in February 2026.

Key Points

  • CVE-2026-21513 is a high-severity vulnerability with a CVSS score of 8.8.
  • The flaw is a security feature bypass in the MSHTML Framework.
  • APT28, a Russia-linked threat actor, is reported to have exploited this vulnerability.
  • The issue was patched by Microsoft in February 2026.
  • Akamai provided the findings linking APT28 to the exploitation.

Analysis

The exploitation of CVE-2026-21513 by APT28 highlights the persistent threat posed by state-sponsored actors and the importance of timely patching. The vulnerability's high CVSS score underscores its potential impact, particularly as it involves a security feature bypass in a widely used framework like MSHTML. Organizations must remain vigilant and prioritize updates to mitigate such risks.

Conclusion

IT professionals should ensure that all systems are updated with the latest patches from Microsoft to protect against CVE-2026-21513. Continuous monitoring and threat intelligence are crucial to defend against sophisticated threat actors like APT28.