CVE-2026-21243
Published: 10 February 2026
Summary
CVE-2026-21243 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in Microsoft Windows Server 2019. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 25.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
Threat & Defense Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Null pointer dereference in Windows LDAP enables remote exploitation causing service crash or resource exhaustion (T1499.004: Application or System Exploitation).
NVD Description
Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
Deeper analysis
CVE-2026-21243 is a null pointer dereference vulnerability (CWE-476) in the Windows LDAP (Lightweight Directory Access Protocol) component. Published on 2026-02-10T18:16:25.480, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to its potential for remote denial-of-service impact.
An unauthorized attacker can exploit this vulnerability over a network with low attack complexity. It requires no privileges and no user interaction, and the scope is unchanged. Exploitation triggers a null pointer dereference, enabling the attacker to cause a denial of service, such as service crashes or resource exhaustion, without compromising confidentiality or integrity.
Microsoft's update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21243 details available patches and recommended mitigation steps for affected Windows systems.
Details
- CWE(s)