Description
Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.
Published: 2026-02-10
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Spoofing over network causing unauthorized identity forgery
Action: Assess Impact
AI Analysis

Impact

The flaw arises when .NET improperly handles a missing special element during communication. An attacker who can influence the network exchange may craft messages that appear to originate from a legitimate source, enabling spoofing. This compromises the integrity of authenticated interactions and can lead to further attacks such as phishing or unauthorized access. The weakness is identified as CWE‑166, which describes improper validation or implementation of data structures.

Affected Systems

The vulnerability affects Microsoft’s .NET framework versions 10.0, 8.0, and 9.0. No additional product version details are supplied, and the attack is driven by missing data elements in network‑delivered streams rather than OS or hardware dependencies.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity of potential impact when the flaw is triggered. The EPSS score of less than 1 % suggests that exploitation attempts are currently rare, and the vulnerability is not yet catalogued by CISA’s KEV list. The likely attack vector is a network‑based transmission of crafted data to a .NET application that performs inadequate validation. Because the flaw requires injection of a missing special element, the conditions for exploitation are relatively specific, which limits its immediate threat but still warrants monitoring.

Generated by OpenCVE AI on April 15, 2026 at 16:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Contact Microsoft for advisory or patch availability and apply the update as soon as it is released
  • Consider adding application‑level input validation to flag missing or malformed special elements before processing
  • Implement network traffic monitoring or IDS signatures to detect anomalous message patterns that may indicate spoofing attempts

Generated by OpenCVE AI on April 15, 2026 at 16:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-qvhc-9v3j-5rfw Microsoft Security Advisory CVE-2026-21218 | .NET Security Feature Bypass Vulnerability
History

Thu, 12 Feb 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Linux
Linux linux Kernel
Microsoft windows
CPEs cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Linux
Linux linux Kernel
Microsoft windows

Wed, 11 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 10 Feb 2026 18:15:00 +0000

Type Values Removed Values Added
Description Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.
Title .NET Spoofing Vulnerability
First Time appeared Microsoft
Microsoft .net
Weaknesses CWE-166
CPEs cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft .net
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C'}

Subscriptions

Apple Macos
Linux Linux Kernel
Microsoft .net Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-04-10T13:21:10.988Z

Reserved: 2025-12-11T21:02:05.731Z

Link: CVE-2026-21218

cve-icon Vulnrichment

Updated: 2026-02-11T15:29:15.295Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-10T18:16:22.967

Modified: 2026-02-12T17:35:25.617

Link: CVE-2026-21218

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T17:45:10Z

Weaknesses