APT28 Linked to High-Severity MSHTML Security Flaw CVE-2026-21513

A high-severity security flaw, tracked as CVE-2026-21513 with a CVSS score of 8.8, affects the MSHTML Framework and involves a protection mechanism failure enabling unauthorized actions. The Russia-linked state-sponsored threat group APT28 is suspected of exploiting this vulnerability before Microsoft addressed it in the February 2026 Patch Tuesday updates. The flaw is classified as a security feature bypass within the MSHTML component. Akamai researchers identified the connection between APT28 and the exploitation of this zero-day vulnerability. No additional technical details about the attack vector or impact were disclosed in the available content.