PT-2026-7399 · Microsoft · Mshtml Framework+1
Published: 2026-02-10 · Updated: 2026-05-13 · CVE-2026-21513
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Microsoft Windows 10 1607 versions prior to 10.0.14393.8868
Microsoft Windows 10 1809 versions prior to 10.0.17763.8389
Microsoft Windows 10 21H2 versions prior to 10.0.19044.6937
Microsoft Windows 10 22H2 versions prior to 10.0.19045.6937
Description
A protection mechanism failure in the MSHTML framework allows an unauthorized attacker to bypass security features over a network. The issue stems from a logic flaw in the ieframe.dll component responsible for hyperlink navigation, where insufficient validation of target URLs allows attacker-controlled input to reach execution paths that call the ShellExecuteExW() function. This can be exploited by invoking Internet Explorer using ActiveX forms to execute local or remote resources outside the browser's intended security context. Real-world exploitation has been observed by the threat actor APT28 (Fancy Bear), utilizing malicious .LNK files to bypass the Mark of the Web (MotW) and Internet Explorer Enhanced Security Configuration (IE ESC).
Recommendations
Update Microsoft Windows 10 1607 to version 10.0.14393.8868 or later.
Update Microsoft Windows 10 1809 to version 10.0.17763.8389 or later.
Update Microsoft Windows 10 21H2 to version 10.0.19044.6937 or later.
Update Microsoft Windows 10 22H2 to version 10.0.19045.6937 or later.
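
A patch-level check against the fixed builds listed above, added here as an example and not part of the original advisory. The function names are hypothetical; `NotListed` only means the build does not appear in this advisory's list, not that it is unaffected.

```powershell
# Fixed revisions (UBR) per Windows 10 build, taken from the advisory's list.
$FixedUbr = @{
    14393 = 8868   # Windows 10 1607
    17763 = 8389   # Windows 10 1809
    19044 = 6937   # Windows 10 21H2
    19045 = 6937   # Windows 10 22H2
}

function Get-LocalOsVersion {
    # CurrentBuild and UBR are standard values under this key on Windows 10.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    '10.0.{0}.{1}' -f $cv.CurrentBuild, $cv.UBR
}

# Hypothetical helper: classifies version strings (major.minor.build.revision).
function Test-Cve202621513Patch {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline)]
        [string[]]$OsVersion
    )
    process {
        # With no input, fall back to the local host's version.
        if (-not $OsVersion) { $OsVersion = @(Get-LocalOsVersion) }
        foreach ($v in $OsVersion) {
            $parsed = $null
            if (-not [version]::TryParse($v, [ref]$parsed) -or $parsed.Revision -lt 0) {
                $status = 'Unparseable'      # not a four-part version string
            } elseif (-not $FixedUbr.ContainsKey($parsed.Build)) {
                $status = 'NotListed'        # build not covered by this advisory
            } elseif ($parsed.Revision -ge $FixedUbr[$parsed.Build]) {
                $status = 'Patched'
            } else {
                $status = 'Vulnerable'
            }
            [pscustomobject]@{ OsVersion = $v; Status = $status }
        }
    }
}

# Constructed sample inventory; call with no arguments to check the local host.
'10.0.19045.6936', '10.0.17763.8389', '10.0.22631.4000' | Test-Cve202621513Patch
```
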
Fix
RCE
Protection Mechanism Failure
Affected Products
Mshtml Framework
Windows