APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday
Mar 02, 2026
Vulnerability / Threat Intelligence
A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28 , according to new findings from Akamai. The vulnerability in question is CVE-2026-21513 (CVSS score: 8.8), a high-severity security feature bypass affecting the MSHTML Framework. "Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network," Microsoft noted in its advisory for the flaw. It was fixed by the Windows maker as part of its February 2026 Patch Tuesday update. However, the tech giant also noted that the vulnerability had been exploited as a zero-day in real-world attacks, crediting the Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC), and Office Product Group Security Team, along with Google Threat Intelligence Group (GTIG), for reporting it. In a hypothetical attack scenario, a threat actor could weaponize th...
