CVE-2026-21243
Published: 10 February 2026
Summary
CVE-2026-21243 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in Microsoft Windows Server 2019. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 25.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-11 (Error Handling).
Deeper analysis
CVE-2026-21243 is a null pointer dereference vulnerability (CWE-476) in the Windows LDAP (Lightweight Directory Access Protocol) component. Published on 2026-02-10T18:16:25.480, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to its potential for remote denial-of-service impact.
An unauthorized attacker can exploit this vulnerability over a network with low attack complexity, requiring no privileges, user interaction, or special scoping changes. Exploitation triggers a null pointer dereference, enabling the attacker to cause a denial of service, such as service crashes or resource exhaustion, without compromising confidentiality or integrity.
Microsoft's update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21243 details available patches and recommended mitigation steps for affected Windows systems.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-7317
Vulnerability details
Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Null pointer dereference in Windows LDAP enables remote exploitation causing service crash or resource exhaustion (T1499.004: Application or System Exploitation).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the null pointer dereference flaw in Windows LDAP by establishing processes to identify, test, and install patches from Microsoft.
Provides denial-of-service protection mechanisms such as rate limiting or traffic filtering to mitigate remote crashes triggered by unauthorized network attackers exploiting the LDAP vulnerability.
Requires robust error handling in the LDAP component to manage null pointer dereferences without resulting in service crashes or denial of service.