Critical Zero-Day Flaw in MSHTML Framework Exploited in the Wild
On February 10, 2026, Microsoft disclosed a high-severity zero-day vulnerability in the MSHTML Framework, tracked as CVE-2026-21513, which is actively being exploited. The flaw, classified as a security feature bypass (CWE-693), allows attackers to remotely circumvent critical protections in Windows systems.
The vulnerability affects users of Internet Explorer mode in Microsoft Edge and legacy applications that rely on MSHTML for rendering web content. Attackers can exploit it by luring victims into visiting a malicious website or opening a rigged document, which requires only a single click. Once triggered, the flaw bypasses defenses like SmartScreen filters and zone protections, granting full system control to the attacker.
Microsoft's Exploitability Index confirms real-world attacks are underway. The flaw carries a CVSS score of 8.8 (High) due to its low complexity, network-based attack vector, and impact on confidentiality, integrity, and availability. The company has released a patch via Windows Update, which does not require a system reboot for most users.
Enterprises with legacy dependencies on MSHTML, particularly those still using apps incompatible with modern Chromium-based Edge, are at heightened risk. The flaw has been linked to nation-state threat actors, underscoring the urgency of patching.
Microsoft has rated the vulnerability as "Important" and recommends disabling Internet Explorer mode unless absolutely necessary, along with auditing applications for MSHTML reliance. The incident highlights the persistent risks of outdated frameworks in enterprise environments.
Source: https://cyberpress.org/mshtml-framework-zero-day-vulnerability/
Microsoft Security Response Center cybersecurity rating report: https://www.rankiteo.com/company/microsoft-security-response-center
"id": "MIC1770825137",
"linkid": "microsoft-security-response-center",
"type": "Vulnerability",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Enterprises with legacy dependencies on MSHTML, users of Internet Explorer mode in Microsoft Edge',
                        'industry': 'Software',
                        'name': 'Microsoft',
                        'type': 'Technology Company'}],
 'attack_vector': 'Network',
 'date_detected': '2026-02-10',
 'date_publicly_disclosed': '2026-02-10',
 'description': 'Microsoft disclosed a high-severity zero-day vulnerability in the MSHTML Framework, tracked as CVE-2026-21513, which is actively being exploited. The flaw allows attackers to remotely circumvent critical protections in Windows systems, affecting users of Internet Explorer mode in Microsoft Edge and legacy applications relying on MSHTML. Attackers can exploit it via malicious websites or rigged documents, bypassing defenses like SmartScreen filters and zone protections to gain full system control.',
 'impact': {'operational_impact': 'Full system control by attackers, bypass of SmartScreen filters and zone protections',
            'systems_affected': 'Windows systems using MSHTML Framework (Internet Explorer mode in Microsoft Edge, legacy applications)'},
 'initial_access_broker': {'entry_point': 'Malicious websites or rigged documents'},
 'lessons_learned': 'Persistent risks of outdated frameworks in enterprise environments',
 'post_incident_analysis': {'corrective_actions': 'Patch deployment, disabling vulnerable features, auditing legacy dependencies',
                            'root_causes': 'Zero-day vulnerability in MSHTML Framework (CVE-2026-21513)'},
 'recommendations': 'Disable Internet Explorer mode unless absolutely necessary, audit applications for MSHTML reliance, apply Microsoft patch immediately',
 'references': [{'source': 'Microsoft Security Response Center'}],
 'response': {'containment_measures': 'Patch released via Windows Update, recommendation to disable Internet Explorer mode unless necessary, auditing applications for MSHTML reliance',
              'remediation_measures': 'Apply Microsoft patch (CVE-2026-21513)'},
 'threat_actor': 'Nation-state threat actors',
 'title': 'Critical Zero-Day Flaw in MSHTML Framework Exploited in the Wild',
 'type': 'Zero-Day Exploit',
 'vulnerability_exploited': 'CVE-2026-21513 (Security Feature Bypass - CWE-693)'}