Microsoft fixed a total of 58 vulnerabilities during Patch Tuesday in February 2026. That is fewer than in many other months. It is striking that six of these vulnerabilities were already being actively exploited before a security update was available. This means that more than ten percent of the patched vulnerabilities had already been exploited at the time of publication.
The details have been published via the Microsoft Security Response Center and the accompanying Security Update Guide. According to Microsoft, the following zero days were actively exploited:
CVE-2026-21510, a security feature bypass in Windows Shell
CVE-2026-21513, a security feature bypass in the MSHTML framework
CVE-2026-21514, a security feature bypass in Microsoft…