PT-2026-7332 · Microsoft+4 · .Net 10.0.2+10
Vcsjones
·
Published
2026-02-10
·
Updated
2026-05-08
·
CVE-2026-21218
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
.NET versions 8.0.0 through 8.0.22
.NET versions 9.0.0 through 9.0.12
.NET versions 10.0.0 through 10.0.2
Description
The software contains a security feature bypass issue due to improper handling of missing special elements. An attacker could exploit this by crafting a malicious payload that bypasses security checks in the affected System.Security.Cryptography.Cose versions, potentially leading to unauthorized access or data manipulation. If an application does not use System.Security.Cryptography.Cose, it is not affected.
Recommendations
Update the System.Security.Cryptography.Cose NuGet package to version 8.0.24 for .NET 8.0.
Update the System.Security.Cryptography.Cose NuGet package to version 9.0.13 for .NET 9.0.
Update the System.Security.Cryptography.Cose NuGet package to version 10.0.3 for .NET 10.0.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
.Net 10.0.0
.Net 10.0.2
.Net 8.0.0
.Net 8.0.22
.Net 9.0.0
.Net 9.0.12
Linuxmint
Red Os
System.Security.Cryptography.Cose
System.Security.Cryptography.Cose Nuget Package
Ubuntu