CVE-2026-21513

ENISA EUVD: EUVD-2026-7342 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: Feb. 18, 2026 23 articles

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

24.67%

probability

This CVE has a 24.67% probability of being exploited in the next 30 days.

0% Top 96.2th percentile of all CVEs 100%

CVSS v3.1

Source: NVD

8.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Temporal

Exploit Code Maturity

Unproven

Remediation Level

Official Fix

Report Confidence

Confirmed

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Description

Project Zero

Microsoft Office Security Feature Bypass Vulnerability

Affected Products

Microsoft

Windows Server 2012 (Server Core installation)

6.2.9200.0 <6.2.9200.25923

Microsoft

Windows 10 Version 21H2

10.0.19044.0 <10.0.19044.6937

Microsoft

Windows 10 Version 1607

10.0.14393.0 <10.0.14393.8868

Microsoft

Windows Server 2019 (Server Core installation)

10.0.17763.0 <10.0.17763.8389

Microsoft

Windows Server 2016

10.0.14393.0 <10.0.14393.8868

Microsoft

Windows 11 version 26H1

10.0.28000.0 <10.0.28000.1575

Microsoft

Windows Server 2012

6.2.9200.0 <6.2.9200.25923

Microsoft

Windows Server 2012 R2

6.3.9600.0 <6.3.9600.23022

Microsoft

Windows 11 Version 23H2

10.0.22631.0 <10.0.22631.6649

Microsoft

Windows 10 Version 21H2

10.0.19044.0 <10.0.19044.6937

Microsoft

Windows 10 Version 22H2

10.0.19045.0 <10.0.19045.6937

Microsoft

Windows Server 2019

10.0.17763.0 <10.0.17763.8389

Microsoft

Windows Server 2022, 23H2 Edition (Server Core installation)

10.0.25398.0 <10.0.25398.2149

Microsoft

Windows Server 2022

10.0.20348.0 <10.0.20348.4773

Microsoft

Windows 11 version 22H3

10.0.22631.0 <10.0.22631.6649

Microsoft

Windows Server 2012

6.2.9200.0 <6.2.9200.25923

Microsoft

Windows Server 2022, 23H2 Edition (Server Core installation)

10.0.25398.0 <10.0.25398.2149

Microsoft

Windows Server 2025

10.0.26100.0 <10.0.26100.32370

Microsoft

Windows Server 2022

10.0.20348.0 <10.0.20348.4773

Microsoft

Windows Server 2016 (Server Core installation)

10.0.14393.0 <10.0.14393.8868

Microsoft

Windows 11 Version 24H2

10.0.26100.0 <10.0.26100.7840

Microsoft

Windows Server 2019 (Server Core installation)

10.0.17763.0 <10.0.17763.8389

Microsoft

Windows Server 2019

10.0.17763.0 <10.0.17763.8389

Microsoft

Windows 11 version 26H1

10.0.28000.0 <10.0.28000.1575

Microsoft

Windows Server 2025 (Server Core installation)

10.0.26100.0 <10.0.26100.32370

Microsoft

Windows Server 2012 (Server Core installation)

6.2.9200.0 <6.2.9200.25923

Microsoft

Windows 11 Version 25H2

10.0.26200.0 <10.0.26200.7840

Microsoft

Windows 11 Version 23H2

10.0.22631.0 <10.0.22631.6649

Microsoft

Windows Server 2012 R2 (Server Core installation)

6.3.9600.0 <6.3.9600.23022

Microsoft

Windows Server 2012 R2

6.3.9600.0 <6.3.9600.23022

Microsoft

Windows Server 2016 (Server Core installation)

10.0.14393.0 <10.0.14393.8868

Microsoft

Windows 10 Version 1607

10.0.14393.0 <10.0.14393.8868

Microsoft

Windows 10 Version 1809

10.0.17763.0 <10.0.17763.8389

Microsoft

Windows 10 Version 22H2

10.0.19045.0 <10.0.19045.6937

Microsoft

Windows Server 2016

10.0.14393.0 <10.0.14393.8868

Microsoft

Windows 10 Version 1809

10.0.17763.0 <10.0.17763.8389

Microsoft

Windows Server 2012 R2 (Server Core installation)

6.3.9600.0 <6.3.9600.23022

Microsoft

Windows 11 version 22H3

10.0.22631.0 <10.0.22631.6649

Microsoft

Windows 11 Version 25H2

10.0.26200.0 <10.0.26200.7840

Microsoft

Windows Server 2025

10.0.26100.0 <10.0.26100.32370

Microsoft

Windows 11 Version 24H2

10.0.26100.0 <10.0.26100.7840

Microsoft

Windows 11 version 26H1

10.0.28000.0 <10.0.28000.1575

Microsoft

Windows Server 2025 (Server Core installation)

10.0.26100.0 <10.0.26100.32370

Attack Intelligence

CWE-693 · Protection Mechanism Failure

Google Project Zero

Patched

Feb. 10, 2026

Reported by

Google Threat Intelligence Group, Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC), and Office Product Group Security Team

CISA Adds Six Known Exploited Vulnerabilities to Catalog

CISA-Advisories Feb 10, 2026

CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths

TheHackerNews Mar 17, 2026

FAQ on CVE-2026-21514: OLE bypass N-Day in Microsoft Word

Tenable-Research Mar 17, 2026

CVE-2026-20127: Cisco Catalyst SD-WAN Controller/Manager Zero-Day Authentication Bypass Vulnerability Exploited in the Wild

Tenable-Research Feb 25, 2026

CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed

TheHackerNews Mar 12, 2026

Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS

TheHackerNews Mar 18, 2026

Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8

TheHackerNews Mar 13, 2026

Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23

TheHackerNews Mar 18, 2026

Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials

TheHackerNews Mar 11, 2026

CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited

TheHackerNews Mar 10, 2026

Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days

TheHackerNews Feb 11, 2026

Microsoft February 2026 Patch Tuesday fixes 6 zero-days, 58 flaws

BleepingComputer Feb 10, 2026

Inside the customer environment: Where threat actors, vulnerabilities, and exposed assets intersect

Tenable-Research May 27, 2026

Operation Epic Fury: Why exposure data changes everything about Iran's cyber-kinetic campaign

Tenable-Research Mar 17, 2026

Microsoft’s February 2026 Patch Tuesday Addresses 54 CVEs (CVE-2026-21510, CVE-2026-21513)

Tenable-Research Feb 10, 2026

Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access

TheHackerNews Mar 18, 2026

Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit

TheHackerNews Mar 12, 2026

Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit

TheHackerNews Mar 18, 2026

Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution

TheHackerNews Mar 13, 2026

Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices

TheHackerNews Mar 11, 2026

Signal Intelligence

Confidenceⓘ

92%

EPSS 24.67%

CVSS v3.1 8.8

Mentions 23

Last Seen May 27, 2026

CNA Information

Analyst Note

CVE-2026-21513 is confirmed as a zero-day actively exploited in the wild, evidenced by inclusion in Microsoft's February 2026 Patch Tuesday addressing six zero-days and coverage across multiple authoritative security sources (Tenable, BleepingComputer, TheHackerNews, CISA). The HIGH severity CVSS score (8.8) combined with a protection mechanism bypass in MSHTML Framework and validation by Google Project Zero strongly supports the confirmed status.

Threat Actors 6

APT 28

apt_group Information theft and espionage 🇷🇺 RU

Ice Fog

apt_group Information theft and espionage 🇨🇳 CN

TAG-28

apt_group Information theft and espionage 🇨🇳 CN

Roaming Tiger

apt_group Information theft and espionage 🇨🇳 CN

White Bear

apt_group Information theft and espionage 🇷🇺 RU

Nomad Panda

apt_group Information theft and espionage 🇨🇳 CN

Triage Info

Decided atFeb 18, 2026