#VU122547 Protection Mechanism Failure in Microsoft products - CVE-2026-21513
Published: February 10, 2026 / Updated: February 27, 2026
Vulnerability identifier: #VU122547
Vulnerability risk: Critical
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: CVE-2026-21513
CWE-ID: CWE-693
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
Windows
Windows Server
Microsoft Internet Explorer
Windows
Windows Server
Microsoft Internet Explorer
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient implementation of security measures within the ieframe.dll component when handling hyperlinks. An attacker can trick the the victim into clicking on a specially crafted link or on a shortcut (.lnk) file and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited in the wild.
Remediation
Install updates from vendor's website.