Описание
.NET Spoofing Vulnerability
Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.
FAQ
According to the CVSS metric, the privileges required is none (PR:N). What does that mean for this vulnerability?
The score is based on no user account is needed to perform the attack.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) and availability (A:L), but could lead to major loss of integrity (I:H). What does that mean for this vulnerability?
An attacker who successfully exploited this vulnerability could bypass critical-header validation and the service may accept a message it should reject.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| .NET 8.0 installed on Windows | ||
| .NET 8.0 installed on Linux | ||
| .NET 8.0 installed on Mac OS | ||
| .NET 9.0 installed on Linux | ||
| .NET 9.0 installed on Mac OS | ||
| .NET 9.0 installed on Windows | ||
| .NET 10.0 installed on Windows | ||
| .NET 10.0 installed on Mac OS | ||
| .NET 10.0 installed on Linux |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
7.5 High
CVSS3
Связанные уязвимости
Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.
Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.
Microsoft Security Advisory CVE-2026-21218 | .NET Security Feature Bypass Vulnerability
Уязвимость программной платформы .NET, связанная с некорректной обработкой отсутствующего специального элемента, позволяющая нарушителю проводить спуфинг-атаки
EPSS
7.5 High
CVSS3