CVE-2026-21218 — Improper Handling of Missing Special Element in Microsoft NET 10.0

CWE-166 — Improper Handling of Missing Special Element9 documents7 sources

Severity

7.5HIGHNVD

EPSS

0.0%

top 86.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft NET 10.0 Microsoft NET 8.0 Microsoft NET 9.0 +1 more

Timeline

PublishedFeb 10

Latest updateFeb 16

Description

Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDmicrosoft/net8.0.0 — 8.0.24+2

▶CVEListV5microsoft/net_8.08.0.0 — 8.0.24

▶CVEListV5microsoft/net_9.09.0.0 — 9.0.13

▶CVEListV5microsoft/net_10.010.0.0 — 10.0.3

🔴Vulnerability Details

GHSA

Microsoft Security Advisory CVE-2026-21218 | .NET Security Feature Bypass Vulnerability↗2026-02-10

▶

OSV

CVE-2026-21218: Improper handling of missing special element in↗2026-02-10

▶

OSV

Microsoft Security Advisory CVE-2026-21218 | .NET Security Feature Bypass Vulnerability↗2026-02-10

▶

CVEList

.NET Spoofing Vulnerability↗2026-02-10

▶

📋Vendor Advisories

Ubuntu

.NET vulnerability↗2026-02-16

▶

Ubuntu

.NET vulnerability↗2026-02-11

▶

Microsoft

.NET Spoofing Vulnerability↗2026-02-10

▶

🕵️Threat Intelligence

Wiz

CVE-2026-21218 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶