CVE-2026-21218

High

Published: 10 February 2026

Published

10 February 2026

Modified

12 February 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS Score 0.0004 13.7th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-21218 is a high-severity Improper Handling of Missing Special Element (CWE-166) vulnerability in Microsoft .Net. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 13.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique.

Threat & Defense Details

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1557 Adversary-in-the-Middle Credential Access

Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.

attack.mitre.org →

Why these techniques?

Network-exploitable spoofing flaw (no auth/UI) directly enables public app exploitation (T1190) and adversary-in-the-middle spoofing (T1557).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.

Deeper analysisAI

CVE-2026-21218 is a vulnerability in .NET stemming from improper handling of a missing special element. This flaw enables an unauthorized attacker to perform spoofing over a network. The issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) and is classified under CWE-166.

Any unauthenticated attacker with network access can exploit this vulnerability due to its low attack complexity and lack of required privileges or user interaction. Successful exploitation allows the attacker to achieve spoofing, resulting in a high impact on integrity while causing no impact on confidentiality or availability.

The Microsoft Security Response Center advisory provides details on mitigation and patches at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21218.

Details

CWE(s): CWE-166

Affected Products

microsoft

.net

8.0.0 — 8.0.24 · 9.0.0 — 9.0.13 · 10.0.0 — 10.0.3

CVEs Like This One

CVE-2026-32178Same product: Apple Macos

CVE-2026-26171Same product: Apple Macos

CVE-2026-26127Same product: Apple Macos

CVE-2025-21171Same product: Apple Macos

CVE-2026-32203Same product: Apple Macos

CVE-2025-0502Same product: Apple Macos

CVE-2026-35560Same product: Apple Macos

CVE-2026-3598Same product: Apple Macos

CVE-2025-21172Same product: Apple Macos

CVE-2026-5883Same product: Apple Macos

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21218
Vendor Advisory · secure@microsoft.com