{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21218", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2025-12-11T21:02:05.731Z", "datePublished": "2026-02-10T17:51:23.973Z", "dateUpdated": "2026-05-11T21:25:22.663Z"}, "containers": {"cna": {"title": ".NET Spoofing Vulnerability", "datePublic": "2026-02-10T16:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.0", "versionEndExcluding": "10.0.3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.0", "versionEndExcluding": "8.0.24"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.0.0", "versionEndExcluding": "9.0.13"}]}]}], "affected": [{"vendor": "Microsoft", "product": ".NET 10.0", "versions": [{"version": "10.0.0", "lessThan": "10.0.3", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": ".NET 8.0", "versions": [{"version": "8.0.0", "lessThan": "8.0.24", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": ".NET 9.0", "versions": [{"version": "9.0.0", "lessThan": "9.0.13", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-166: Improper Handling of Missing Special Element", "lang": "en-US", "type": "CWE", "cweId": "CWE-166"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-11T21:25:22.663Z"}, "references": [{"name": ".NET Spoofing Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21218"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-11T15:29:08.823948Z", "id": "CVE-2026-21218", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-11T15:29:32.930Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21218", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-11T15:29:08.823948Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-11T15:29:15.295Z"}}], "cna": {"title": ".NET Spoofing Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": ".NET 10.0", "versions": [{"status": "affected", "version": "10.0.0", "lessThan": "10.0.3", "versionType": "custom"}]}, {"vendor": "Microsoft", "product": ".NET 8.0", "versions": [{"status": "affected", "version": "8.0.0", "lessThan": "8.0.24", "versionType": "custom"}]}, {"vendor": "Microsoft", "product": ".NET 9.0", "versions": [{"status": "affected", "version": "9.0.0", "lessThan": "9.0.13", "versionType": "custom"}]}], "datePublic": "2026-02-10T16:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21218", "name": ".NET Spoofing Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-166", "description": "CWE-166: Improper Handling of Missing Special Element"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.3", "versionStartIncluding": "10.0.0"}, {"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "8.0.24", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "9.0.13", "versionStartIncluding": "9.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-11T18:10:01.409Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21218", "state": "PUBLISHED", "dateUpdated": "2026-05-11T18:10:01.409Z", "dateReserved": "2025-12-11T21:02:05.731Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-02-10T17:51:23.973Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5602070-E5BB-4528-820B-5B0A9040BAF7", "versionEndExcluding": "8.0.24", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F518467-1A4D-44C6-A276-55BF97C04368", "versionEndExcluding": "9.0.13", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D24EC6A-A353-476F-ACCF-98AA24E641B9", "versionEndExcluding": "10.0.3", "versionStartIncluding": "10.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network."}], "id": "CVE-2026-21218", "lastModified": "2026-02-12T17:35:25.617", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-02-10T18:16:22.967", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21218"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-166"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[10.0.0,10.0.3)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[8.0.0,8.0.24)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[9.0.0,9.0.13)"}}], "product": ".net", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-04-15T16:31:34.953584+00:00", "value": {"mitigation_remediation": ["Contact Microsoft for advisory or patch availability and apply the update as soon as it is released", "Consider adding application\u2011level input validation to flag missing or malformed special elements before processing", "Implement network traffic monitoring or IDS signatures to detect anomalous message patterns that may indicate spoofing attempts"], "summary": {"action": "Assess Impact", "impact": "Spoofing over network causing unauthorized identity forgery"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Microsoft\u2019s .NET framework versions 10.0, 8.0, and 9.0. No additional product version details are supplied, and the attack is driven by missing data elements in network\u2011delivered streams rather than OS or hardware dependencies.", "description_and_impact": "The flaw arises when .NET improperly handles a missing special element during communication. An attacker who can influence the network exchange may craft messages that appear to originate from a legitimate source, enabling spoofing. This compromises the integrity of authenticated interactions and can lead to further attacks such as phishing or unauthorized access. The weakness is identified as CWE\u2011166, which describes improper validation or implementation of data structures.", "risk_and_exploitability": "The CVSS score of 7.5 indicates a high severity of potential impact when the flaw is triggered. The EPSS score of less than 1\u202f% suggests that exploitation attempts are currently rare, and the vulnerability is not yet catalogued by CISA\u2019s KEV list. The likely attack vector is a network\u2011based transmission of crafted data to a .NET application that performs inadequate validation. Because the flaw requires injection of a missing special element, the conditions for exploitation are relatively specific, which limits its immediate threat but still warrants monitoring."}}}}, "created": "2026-02-11T21:52:16.085143+00:00", "updated": "2026-04-15T17:45:10.827932+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$.net"]}