Cyber Resilience

CVE-2026-21243

High

Published: 10 February 2026

Modified: 11 February 2026
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0009 (25.6th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-21243 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in Microsoft Windows Server 2019. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 25.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-11 (Error Handling).

Deeper analysis

CVE-2026-21243 is a null pointer dereference vulnerability (CWE-476) in the Windows LDAP (Lightweight Directory Access Protocol) component. Published on 2026-02-10T18:16:25.480, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to its potential for remote denial-of-service impact.

An unauthorized attacker can exploit this vulnerability over a network with low attack complexity, requiring no privileges and no user interaction, and the scope is unchanged (S:U). Exploitation triggers a null pointer dereference, enabling the attacker to cause a denial of service, such as service crashes or resource exhaustion, without compromising confidentiality or integrity.

Microsoft's update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21243 details available patches and recommended mitigation steps for affected Windows systems.


Vulnerability details

Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.

CWE(s)

CWE-476 (NULL Pointer Dereference)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1499.004 Application or System Exploitation (Tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Null pointer dereference in Windows LDAP enables remote exploitation causing service crash or resource exhaustion (T1499.004: Application or System Exploitation).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-32071 (Same product: Microsoft Windows Server 2019)
CVE-2026-21525 (Same product: Microsoft Windows Server 2019)
CVE-2026-40401 (Same product: Microsoft Windows Server 2019)
CVE-2026-40413 (Same product: Microsoft Windows Server 2019)
CVE-2026-40414 (Same product: Microsoft Windows Server 2019)
CVE-2026-20875 (Same product: Microsoft Windows Server 2019)
CVE-2025-21285 (Same product: Microsoft Windows Server 2019)
CVE-2025-21218 (Same product: Microsoft Windows Server 2019)
CVE-2026-40405 (Same product: Microsoft Windows Server 2025)
CVE-2026-26154 (Same product: Microsoft Windows Server 2019)

Affected Assets

microsoft · windows server 2019 · ≤ 10.0.17763.8389
microsoft · windows server 2022 · ≤ 10.0.20348.4711
microsoft · windows server 2022 23h2 · ≤ 10.0.25398.2149
microsoft · windows server 2025 · ≤ 10.0.26100.32313

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent: Directly remediates the null pointer dereference flaw in Windows LDAP by establishing processes to identify, test, and install patches from Microsoft.

prevent: Provides denial-of-service protection mechanisms such as rate limiting or traffic filtering to mitigate remote crashes triggered by unauthorized network attackers exploiting the LDAP vulnerability.

prevent: Requires robust error handling in the LDAP component to manage null pointer dereferences without resulting in service crashes or denial of service.
