Spoofing Vulnerability in .NET Framework by Microsoft
CVE-2026-21218

7.5HIGH

Key Information:

Vendor: Microsoft
Status: .net 10.0; .net 8.0; .net 9.0
Vendor: CVE Published:; 10 February 2026

What is CVE-2026-21218?

An improper handling of missing special elements in the .NET Framework could allow an unauthorized attacker to spoof identity or data over a network, posing significant risks to application integrity and security. Organizations utilizing affected versions are advised to review their security posture and implement the necessary updates to mitigate potential exploitation.

Affected Version(s)

.NET 10.0 10.0.0 < 10.0.3

.NET 8.0 8.0.0 < 8.0.24

.NET 9.0 9.0.0 < 9.0.13

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 10, 2026
Vulnerability Reserved
Dec 11, 2025

CVE-2026-21218 Data

JSON